This directory contains a small port of libselinux for Android.
It was originally forked in mid-2011, circa libselinux 2.1.0.
Some changes have been cherry-picked from the upstream libselinux.
Upstream git repository is https://github.com/SELinuxProject/selinux
(libselinux subdirectory) and official releases are available from
https://github.com/SELinuxProject/selinux/wiki/Releases.

This fork differs from upstream libselinux in at least the following ways:

* Dependencies on glibc-specific features have been removed/replaced
in order to work with bionic,

* Legacy code and compatibility interfaces have been removed,

* Many interfaces, functions, and files are omitted since they are
unused in Android,

* The python bindings are omitted since they are unused in Android,

* The setrans (context translation) support has been removed since
there is no need for MLS label translation in Android and the support
imposes extra overhead on calls passing security contexts,

* The SELinux policy files are all located in / rather than under
/etc/selinux, since /etc is not available in Android until /system
is mounted, and they use fixed paths that do not depend on /etc/selinux/config,

* The kernel policy file (sepolicy in Android, policy.N in Linux) does
not include a version suffix since Android does not need to support
booting multiple kernels,

* The policy loading logic does not support automatic downgrading of
the kernel policy file to a version known to the kernel, since this
requires libsepol on the device and is only needed to support mixing
and matching kernels and userspace easily,

* The selabel interface and label_file backend have been extended to
support label-by-symlink and partial matching, for use by ueventd
in labeling device nodes based on stable symlink names and by init for
optimizing its restorecon_recursive of /sys,

* Since the fork, upstream libselinux has switched the label_file
backend to use a binary version of the file_contexts file
(file_contexts.bin) that contains precompiled versions of the pcre
regexes.  This reduces the time to load the file_contexts
configuration, which in Linux can be significant due to the large
number of entries (> 5000).  As Android has far fewer entries (~400),
this has not yet seemed necessary.

* restorecon functionality, including recursive restorecon, has been
fully implemented within new libselinux functions, along with optimizations
to prune the tree walk if no change has occurred in file_contexts since
the last restorecon,

* Support for new Android-specific SELinux configuration files, such
as seapp_contexts, property_contexts, and service_contexts, has been
added.
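
The tree-walk pruning described in the restorecon item above can be sketched
as follows. This is an added example, not code from this fork or from upstream
libselinux; the struct names, prefix matching in place of regexes, the FNV-1a
digest, and the sample paths and contexts are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed stand-ins. Real file_contexts entries are regexes; prefix
 * matching (longest prefix wins) is a simplification for this sketch. */
struct node { const char *path; const char *label; };
struct spec { const char *prefix; const char *context; };
/* Hypothetical record of the configuration the last full walk used. */
struct tree { struct node *nodes; size_t n; uint64_t last; int have_last; };

/* FNV-1a over all entries: an assumed change detector, not the fork's. */
static uint64_t specs_digest(const struct spec *s, size_t ns) {
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < ns; i++) {
        const char *parts[2] = { s[i].prefix, s[i].context };
        for (int k = 0; k < 2; k++) {
            for (const char *p = parts[k]; *p; p++)
                h = (h ^ (unsigned char)*p) * 0x100000001b3ULL;
            h = (h ^ 0xff) * 0x100000001b3ULL;   /* field separator */
        }
    }
    return h;
}

/* Returns the number of nodes visited; 0 means the walk was pruned. */
static size_t restorecon_tree(struct tree *t, const struct spec *s, size_t ns, int force) {
    uint64_t d = specs_digest(s, ns);
    if (!force && t->have_last && t->last == d)
        return 0;                    /* configuration unchanged: skip the walk */
    for (size_t i = 0; i < t->n; i++) {
        size_t best = 0;
        for (size_t j = 0; j < ns; j++) {
            size_t len = strlen(s[j].prefix);
            if (len >= best && strncmp(t->nodes[i].path, s[j].prefix, len) == 0) {
                best = len;
                t->nodes[i].label = s[j].context;
            }
        }
    }
    t->last = d; t->have_last = 1;   /* recorded only after the walk completes */
    return t->n;
}

int main(void) {
    struct node nodes[] = { { "/data/app/a.apk", "unlabeled" } };   /* constructed */
    struct spec fc[] = { { "/data/app", "u:object_r:apk_data_file:s0" } };
    struct tree t = { nodes, 1, 0, 0 };
    size_t first = restorecon_tree(&t, fc, 1, 0);
    size_t second = restorecon_tree(&t, fc, 1, 0);
    printf("first=%zu second=%zu label=%s\n", first, second, nodes[0].label);
}
```

In this sketch the prune keys only on the configuration digest, so a label
changed out of band after the last walk stays wrong until a forced walk runs.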

New files added for Android:
* libselinux/include/selinux/android.h
* libselinux/src/android.c
* libselinux/src/label_android_property.c (later added upstream)