init: Refactor selinux.h/cpp
This change factors out functions that handle selabels from
selinux.h/cpp into selabel.h/cpp. This allows util.cpp to be used by
the upcoming native zygote without a bunch of define flags that are
required for selinux.cpp.
Bug: 133443795
Test: Build and boot cuttlefish.
Change-Id: Ie238a96c6407c6698a605dd8803c1727abfaae7b
diff --git a/init/Android.bp b/init/Android.bp
index f71437f..232d7e3 100644
--- a/init/Android.bp
+++ b/init/Android.bp
@@ -124,6 +124,7 @@
"reboot.cpp",
"reboot_utils.cpp",
"security.cpp",
+ "selabel.cpp",
"selinux.cpp",
"service.cpp",
"sigchld_handler.cpp",
diff --git a/init/Android.mk b/init/Android.mk
index c4f7d34..0a3e8c7 100644
--- a/init/Android.mk
+++ b/init/Android.mk
@@ -52,6 +52,7 @@
first_stage_mount.cpp \
mount_namespace.cpp \
reboot_utils.cpp \
+ selabel.cpp \
selinux.cpp \
switch_root.cpp \
uevent_listener.cpp \
diff --git a/init/builtins.cpp b/init/builtins.cpp
index 840f2d4..e9d58c6 100644
--- a/init/builtins.cpp
+++ b/init/builtins.cpp
@@ -70,6 +70,7 @@
#include "property_service.h"
#include "reboot.h"
#include "rlimit_parser.h"
+#include "selabel.h"
#include "selinux.h"
#include "service.h"
#include "subcontext.h"
diff --git a/init/devices.cpp b/init/devices.cpp
index 159c75e..5e760d0 100644
--- a/init/devices.cpp
+++ b/init/devices.cpp
@@ -36,7 +36,7 @@
#include <selinux/android.h>
#include <selinux/selinux.h>
-#include "selinux.h"
+#include "selabel.h"
#include "util.h"
#ifdef _INIT_INIT_H
diff --git a/init/init.cpp b/init/init.cpp
index 548e8c5..8ce96f6 100644
--- a/init/init.cpp
+++ b/init/init.cpp
@@ -65,6 +65,7 @@
#include "reboot.h"
#include "reboot_utils.h"
#include "security.h"
+#include "selabel.h"
#include "selinux.h"
#include "sigchld_handler.h"
#include "util.h"
diff --git a/init/selabel.cpp b/init/selabel.cpp
new file mode 100644
index 0000000..daeb832
--- /dev/null
+++ b/init/selabel.cpp
@@ -0,0 +1,79 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "selabel.h"
+
+#include <selinux/android.h>
+
+namespace android {
+namespace init {
+
+namespace {
+
+selabel_handle* sehandle = nullptr;
+}
+
+// selinux_android_file_context_handle() takes on the order of 10+ms to run, so we want to cache
+// its value. selinux_android_restorecon() also needs an sehandle for file context look up. It
+// will create and store its own copy, but selinux_android_set_sehandle() can be used to provide
+// one, thus eliminating an extra call to selinux_android_file_context_handle().
+void SelabelInitialize() {
+ sehandle = selinux_android_file_context_handle();
+ selinux_android_set_sehandle(sehandle);
+}
+
+// A C++ wrapper around selabel_lookup() using the cached sehandle.
+// If sehandle is null, this returns success with an empty context.
+bool SelabelLookupFileContext(const std::string& key, int type, std::string* result) {
+ result->clear();
+
+ if (!sehandle) return true;
+
+ char* context;
+ if (selabel_lookup(sehandle, &context, key.c_str(), type) != 0) {
+ return false;
+ }
+ *result = context;
+ free(context);
+ return true;
+}
+
+// A C++ wrapper around selabel_lookup_best_match() using the cached sehandle.
+// If sehandle is null, this returns success with an empty context.
+bool SelabelLookupFileContextBestMatch(const std::string& key,
+ const std::vector<std::string>& aliases, int type,
+ std::string* result) {
+ result->clear();
+
+ if (!sehandle) return true;
+
+ std::vector<const char*> c_aliases;
+ for (const auto& alias : aliases) {
+ c_aliases.emplace_back(alias.c_str());
+ }
+ c_aliases.emplace_back(nullptr);
+
+ char* context;
+ if (selabel_lookup_best_match(sehandle, &context, key.c_str(), &c_aliases[0], type) != 0) {
+ return false;
+ }
+ *result = context;
+ free(context);
+ return true;
+}
+
+} // namespace init
+} // namespace android
diff --git a/init/selabel.h b/init/selabel.h
new file mode 100644
index 0000000..5d590b2
--- /dev/null
+++ b/init/selabel.h
@@ -0,0 +1,32 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <string>
+#include <vector>
+
+namespace android {
+namespace init {
+
+void SelabelInitialize();
+bool SelabelLookupFileContext(const std::string& key, int type, std::string* result);
+bool SelabelLookupFileContextBestMatch(const std::string& key,
+ const std::vector<std::string>& aliases, int type,
+ std::string* result);
+
+} // namespace init
+} // namespace android
diff --git a/init/selinux.cpp b/init/selinux.cpp
index 8a9662b..54be086 100644
--- a/init/selinux.cpp
+++ b/init/selinux.cpp
@@ -79,8 +79,6 @@
namespace {
-selabel_handle* sehandle = nullptr;
-
enum EnforcingStatus { SELINUX_PERMISSIVE, SELINUX_ENFORCING };
EnforcingStatus StatusFromCmdline() {
@@ -554,54 +552,5 @@
return 1;
}
-// selinux_android_file_context_handle() takes on the order of 10+ms to run, so we want to cache
-// its value. selinux_android_restorecon() also needs an sehandle for file context look up. It
-// will create and store its own copy, but selinux_android_set_sehandle() can be used to provide
-// one, thus eliminating an extra call to selinux_android_file_context_handle().
-void SelabelInitialize() {
- sehandle = selinux_android_file_context_handle();
- selinux_android_set_sehandle(sehandle);
-}
-
-// A C++ wrapper around selabel_lookup() using the cached sehandle.
-// If sehandle is null, this returns success with an empty context.
-bool SelabelLookupFileContext(const std::string& key, int type, std::string* result) {
- result->clear();
-
- if (!sehandle) return true;
-
- char* context;
- if (selabel_lookup(sehandle, &context, key.c_str(), type) != 0) {
- return false;
- }
- *result = context;
- free(context);
- return true;
-}
-
-// A C++ wrapper around selabel_lookup_best_match() using the cached sehandle.
-// If sehandle is null, this returns success with an empty context.
-bool SelabelLookupFileContextBestMatch(const std::string& key,
- const std::vector<std::string>& aliases, int type,
- std::string* result) {
- result->clear();
-
- if (!sehandle) return true;
-
- std::vector<const char*> c_aliases;
- for (const auto& alias : aliases) {
- c_aliases.emplace_back(alias.c_str());
- }
- c_aliases.emplace_back(nullptr);
-
- char* context;
- if (selabel_lookup_best_match(sehandle, &context, key.c_str(), &c_aliases[0], type) != 0) {
- return false;
- }
- *result = context;
- free(context);
- return true;
-}
-
} // namespace init
} // namespace android
diff --git a/init/selinux.h b/init/selinux.h
index c7d6647..63ad470 100644
--- a/init/selinux.h
+++ b/init/selinux.h
@@ -14,11 +14,7 @@
* limitations under the License.
*/
-#ifndef _INIT_SELINUX_H
-#define _INIT_SELINUX_H
-
-#include <string>
-#include <vector>
+#pragma once
namespace android {
namespace init {
@@ -29,15 +25,7 @@
void SelinuxSetupKernelLogging();
int SelinuxGetVendorAndroidVersion();
-void SelabelInitialize();
-bool SelabelLookupFileContext(const std::string& key, int type, std::string* result);
-bool SelabelLookupFileContextBestMatch(const std::string& key,
- const std::vector<std::string>& aliases, int type,
- std::string* result);
-
static constexpr char kEnvSelinuxStartedAt[] = "SELINUX_STARTED_AT";
} // namespace init
} // namespace android
-
-#endif
diff --git a/init/subcontext.cpp b/init/subcontext.cpp
index 467b0d2..f9eb83d 100644
--- a/init/subcontext.cpp
+++ b/init/subcontext.cpp
@@ -32,6 +32,7 @@
#if defined(__ANDROID__)
#include <android/api-level.h>
#include "property_service.h"
+#include "selabel.h"
#include "selinux.h"
#else
#include "host_init_stubs.h"
diff --git a/init/ueventd.cpp b/init/ueventd.cpp
index 399ea4c..d700c46 100644
--- a/init/ueventd.cpp
+++ b/init/ueventd.cpp
@@ -37,6 +37,7 @@
#include "devices.h"
#include "firmware_handler.h"
#include "modalias_handler.h"
+#include "selabel.h"
#include "selinux.h"
#include "uevent_handler.h"
#include "uevent_listener.h"
diff --git a/init/util.cpp b/init/util.cpp
index 63d2d44..243e5f0 100644
--- a/init/util.cpp
+++ b/init/util.cpp
@@ -41,7 +41,7 @@
#if defined(__ANDROID__)
#include "reboot_utils.h"
-#include "selinux.h"
+#include "selabel.h"
#else
#include "host_init_stubs.h"
#endif