On 09/29/2016 02:02 PM, william.c.roberts@xxxxxxxxx wrote:
> From: William Roberts <william.c.roberts@xxxxxxxxx>
>
> Provide stubs to the public boolean API that always returns -1.
>
> On Android, boolean symbols are needed for:
> external/ltrace/sysdeps/linux-gnu/trace.c
Is this really worth doing?
>
> Signed-off-by: William Roberts <william.c.roberts@xxxxxxxxx>
> ---
> libselinux/Makefile | 4 +++
> libselinux/src/booleans.c | 64 +++++++++++++++++++++++++++++++++++++++--------
> 2 files changed, 58 insertions(+), 10 deletions(-)
>
> diff --git a/libselinux/Makefile b/libselinux/Makefile
> index f607115..b5f32bb 100644
> --- a/libselinux/Makefile
> +++ b/libselinux/Makefile
> @@ -5,6 +5,7 @@ DISABLE_RPM ?= y
> ANDROID_HOST ?= n
> ifeq ($(ANDROID_HOST),y)
> override DISABLE_SETRANS=y
> + override DISABLE_BOOL=y
> endif
> ifeq ($(DISABLE_RPM),y)
> DISABLE_FLAGS+= -DDISABLE_RPM
> @@ -12,6 +13,9 @@ endif
> ifeq ($(DISABLE_SETRANS),y)
> DISABLE_FLAGS+= -DDISABLE_SETRANS
> endif
> +ifeq ($(DISABLE_BOOL),y)
> + DISABLE_FLAGS+= -DDISABLE_BOOL
> +endif
> export DISABLE_SETRANS DISABLE_RPM DISABLE_FLAGS ANDROID_HOST
>
> USE_PCRE2 ?= n
> diff --git a/libselinux/src/booleans.c b/libselinux/src/booleans.c
> index c438af1..cbb0610 100644
> --- a/libselinux/src/booleans.c
> +++ b/libselinux/src/booleans.c
> @@ -25,6 +25,8 @@
>
> #define SELINUX_BOOL_DIR "/booleans/"
>
> +#ifndef DISABLE_BOOL
> +
> static int filename_select(const struct dirent *d)
> {
> if (d->d_name[0] == '.'
> @@ -85,8 +87,6 @@ int security_get_boolean_names(char ***names, int *len)
> goto out;
> }
>
> -hidden_def(security_get_boolean_names)
> -
> char *selinux_boolean_sub(const char *name)
> {
> char *sub = NULL;
> @@ -141,8 +141,6 @@ out:
> return sub;
> }
>
> -hidden_def(selinux_boolean_sub)
> -
> static int bool_open(const char *name, int flag) {
> char *fname = NULL;
> char *alt_name = NULL;
> @@ -262,8 +260,6 @@ int security_get_boolean_active(const char *name)
> return val;
> }
>
> -hidden_def(security_get_boolean_active)
> -
> int security_set_boolean(const char *name, int value)
> {
> int fd, ret;
> @@ -297,8 +293,6 @@ int security_set_boolean(const char *name, int value)
> return -1;
> }
>
> -hidden_def(security_set_boolean)
> -
> int security_commit_booleans(void)
> {
> int fd, ret;
> @@ -327,8 +321,6 @@ int security_commit_booleans(void)
> return -1;
> }
>
> -hidden_def(security_commit_booleans)
> -
> static char *strtrim(char *dest, char *source, int size)
> {
> int i = 0;
> @@ -567,3 +559,55 @@ int security_load_booleans(char *path)
> errno = EINVAL;
> return errors ? -1 : 0;
> }
> +
> +#else
> +int security_set_boolean_list(size_t boolcnt __attribute__((unused)),
> + SELboolean * boollist __attribute__((unused)),
> + int permanent __attribute__((unused)))
> +{
> + return -1;
> +}
> +
> +int security_load_booleans(char *path __attribute__((unused)))
> +{
> + return -1;
> +}
> +
> +int security_get_boolean_names(char ***names __attribute__((unused)),
> + int *len __attribute__((unused)))
> +{
> + return -1;
> +}
> +
> +int security_get_boolean_pending(const char *name __attribute__((unused)))
> +{
> + return -1;
> +}
> +
> +int security_get_boolean_active(const char *name __attribute__((unused)))
> +{
> + return -1;
> +}
> +
> +int security_set_boolean(const char *name __attribute__((unused)),
> + int value __attribute__((unused)))
> +{
> + return -1;
> +}
> +
> +int security_commit_booleans(void)
> +{
> + return -1;
> +}
> +
> +char *selinux_boolean_sub(const char *name __attribute__((unused)))
> +{
> + return NULL;
> +}
> +#endif
> +
> +hidden_def(security_get_boolean_names)
> +hidden_def(selinux_boolean_sub)
> +hidden_def(security_get_boolean_active)
> +hidden_def(security_set_boolean)
> +hidden_def(security_commit_booleans)
>
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
