selinux: enable support for bionic, add applets in config

require libsepol package (mm in external/libsepol or add package)

Tested applets:
  getenforce, setenforce, sestatus, selinuxenabled, ls -Z, tar -c,
  getsebool, setsebool,
  runcon, matchpathcon, chcon, restorecon, setfiles

Notes:
  matchpathcon selabel_lookup was broken by the incompatible regexec
  which is now in bionic libc (netbsd part), libselinux linkage used
  busybox one, so a rename of internal regex functions was required

  recovery will not use bb_regex lib, so regex commands could not
  work exactly like xbin or static ones (sed/less/expr/awk/pgrep)
  this is already the case, and can be changed by including libregex
  package in recovery + ifdef in xregex.h

Signed-off-by: Tanguy Pruvot <[email protected]>

Change-Id: Id82b8a7672a669e3f95360bb70b7b127591f2080

Author: tpruvot

.config-full

@@ -1,7 +1,7 @@
 #
 # Automatically generated make config: don't edit
 # Busybox version: 1.22.1
-# Sun Apr  6 21:24:01 2014
+# Thu May 29 17:30:26 2014
 #
 CONFIG_HAVE_DOT_CONFIG=y
 
@@ -23,7 +23,7 @@ CONFIG_FEATURE_BUFFERS_USE_MALLOC=y
 CONFIG_SHOW_USAGE=y
 CONFIG_FEATURE_VERBOSE_USAGE=y
 CONFIG_FEATURE_COMPRESS_USAGE=y
-# CONFIG_FEATURE_INSTALLER is not set
+CONFIG_FEATURE_INSTALLER=y
 CONFIG_INSTALL_NO_USR=y
 # CONFIG_LOCALE_SUPPORT is not set
 CONFIG_UNICODE_SUPPORT=y
@@ -46,7 +46,7 @@ CONFIG_PID_FILE_PATH=""
 CONFIG_FEATURE_SUID=y
 # CONFIG_FEATURE_SUID_CONFIG is not set
 # CONFIG_FEATURE_SUID_CONFIG_QUIET is not set
-# CONFIG_SELINUX is not set
+CONFIG_SELINUX=y
 # CONFIG_FEATURE_PREFER_APPLETS is not set
 CONFIG_BUSYBOX_EXEC_PATH="/proc/self/exe"
 CONFIG_FEATURE_SYSLOG=y
@@ -167,7 +167,7 @@ CONFIG_FEATURE_TAR_LONG_OPTIONS=y
 CONFIG_FEATURE_TAR_TO_COMMAND=y
 CONFIG_FEATURE_TAR_UNAME_GNAME=y
 CONFIG_FEATURE_TAR_NOPRESERVE_TIME=y
-# CONFIG_FEATURE_TAR_SELINUX is not set
+CONFIG_FEATURE_TAR_SELINUX=y
 CONFIG_UNZIP=y
 
 #
@@ -945,21 +945,25 @@ CONFIG_SV_DEFAULT_SERVICE_DIR=""
 # CONFIG_ENVUIDGID is not set
 # CONFIG_ENVDIR is not set
 # CONFIG_SOFTLIMIT is not set
-# CONFIG_CHCON is not set
-# CONFIG_FEATURE_CHCON_LONG_OPTIONS is not set
-# CONFIG_GETENFORCE is not set
-# CONFIG_GETSEBOOL is not set
+
+#
+# SELinux Utilities
+#
+CONFIG_CHCON=y
+CONFIG_FEATURE_CHCON_LONG_OPTIONS=y
+CONFIG_GETENFORCE=y
+CONFIG_GETSEBOOL=y
 # CONFIG_LOAD_POLICY is not set
-# CONFIG_MATCHPATHCON is not set
-# CONFIG_RESTORECON is not set
-# CONFIG_RUNCON is not set
-# CONFIG_FEATURE_RUNCON_LONG_OPTIONS is not set
-# CONFIG_SELINUXENABLED is not set
-# CONFIG_SETENFORCE is not set
-# CONFIG_SETFILES is not set
+CONFIG_MATCHPATHCON=y
+CONFIG_RESTORECON=y
+CONFIG_RUNCON=y
+CONFIG_FEATURE_RUNCON_LONG_OPTIONS=y
+CONFIG_SELINUXENABLED=y
+CONFIG_SETENFORCE=y
+CONFIG_SETFILES=y
 # CONFIG_FEATURE_SETFILES_CHECK_OPTION is not set
-# CONFIG_SETSEBOOL is not set
-# CONFIG_SESTATUS is not set
+CONFIG_SETSEBOOL=y
+CONFIG_SESTATUS=y
 
 #
 # Shells

.config-minimal

@@ -1,7 +1,7 @@
 #
 # Automatically generated make config: don't edit
 # Busybox version: 1.22.1
-# Sun Apr  6 21:23:53 2014
+# Thu May 29 17:30:21 2014
 #
 CONFIG_HAVE_DOT_CONFIG=y
 
@@ -46,7 +46,7 @@ CONFIG_PID_FILE_PATH=""
 CONFIG_FEATURE_SUID=y
 # CONFIG_FEATURE_SUID_CONFIG is not set
 # CONFIG_FEATURE_SUID_CONFIG_QUIET is not set
-# CONFIG_SELINUX is not set
+CONFIG_SELINUX=y
 # CONFIG_FEATURE_PREFER_APPLETS is not set
 CONFIG_BUSYBOX_EXEC_PATH="/proc/self/exe"
 # CONFIG_FEATURE_SYSLOG is not set
@@ -167,7 +167,7 @@ CONFIG_FEATURE_TAR_LONG_OPTIONS=y
 # CONFIG_FEATURE_TAR_TO_COMMAND is not set
 # CONFIG_FEATURE_TAR_UNAME_GNAME is not set
 CONFIG_FEATURE_TAR_NOPRESERVE_TIME=y
-# CONFIG_FEATURE_TAR_SELINUX is not set
+CONFIG_FEATURE_TAR_SELINUX=y
 CONFIG_UNZIP=y
 
 #
@@ -941,21 +941,25 @@ CONFIG_SV_DEFAULT_SERVICE_DIR=""
 # CONFIG_ENVUIDGID is not set
 # CONFIG_ENVDIR is not set
 # CONFIG_SOFTLIMIT is not set
-# CONFIG_CHCON is not set
+
+#
+# SELinux Utilities
+#
+CONFIG_CHCON=y
 # CONFIG_FEATURE_CHCON_LONG_OPTIONS is not set
-# CONFIG_GETENFORCE is not set
-# CONFIG_GETSEBOOL is not set
+CONFIG_GETENFORCE=y
+CONFIG_GETSEBOOL=y
 # CONFIG_LOAD_POLICY is not set
-# CONFIG_MATCHPATHCON is not set
-# CONFIG_RESTORECON is not set
+CONFIG_MATCHPATHCON=y
+CONFIG_RESTORECON=y
 # CONFIG_RUNCON is not set
 # CONFIG_FEATURE_RUNCON_LONG_OPTIONS is not set
-# CONFIG_SELINUXENABLED is not set
-# CONFIG_SETENFORCE is not set
-# CONFIG_SETFILES is not set
+CONFIG_SELINUXENABLED=y
+CONFIG_SETENFORCE=y
+CONFIG_SETFILES=y
 # CONFIG_FEATURE_SETFILES_CHECK_OPTION is not set
-# CONFIG_SETSEBOOL is not set
-# CONFIG_SESTATUS is not set
+CONFIG_SETSEBOOL=y
+CONFIG_SESTATUS=y
 
 #
 # Shells

Android.mk

@@ -7,7 +7,7 @@ BIONIC_ICS := true
 
 # Make a static library for regex.
 include $(CLEAR_VARS)
-LOCAL_SRC_FILES := android/regex/regex.c
+LOCAL_SRC_FILES := android/regex/bb_regex.c
 LOCAL_C_INCLUDES := $(BB_PATH)/android/regex
 LOCAL_CFLAGS := -Wno-sign-compare
 LOCAL_MODULE := libclearsilverregex
@@ -113,6 +113,8 @@ BUSYBOX_C_INCLUDES = \
 	bionic/libm/include \
 	bionic/libm \
 	libc/kernel/common \
+	external/libselinux/include \
+	external/libsepol/include \
 	$(BB_PATH)/android/regex \
 	$(BB_PATH)/android/librpc
 
@@ -139,6 +141,7 @@ LOCAL_SRC_FILES := $(BUSYBOX_SRC_FILES)
 LOCAL_C_INCLUDES := $(BUSYBOX_C_INCLUDES)
 LOCAL_CFLAGS := -Dmain=busybox_driver $(BUSYBOX_CFLAGS)
 LOCAL_CFLAGS += \
+  -DRECOVERY_VERSION \
   -Dgetusershell=busybox_getusershell \
   -Dsetusershell=busybox_setusershell \
   -Dendusershell=busybox_endusershell \
@@ -148,7 +151,7 @@ LOCAL_CFLAGS += \
   -Dgenerate_uuid=busybox_generate_uuid
 LOCAL_MODULE := libbusybox
 LOCAL_MODULE_TAGS := eng debug
-LOCAL_STATIC_LIBRARIES := libcutils libc libm
+LOCAL_STATIC_LIBRARIES := libcutils libc libm libselinux libsepol
 $(LOCAL_MODULE): busybox_prepare
 include $(BUILD_STATIC_LIBRARY)
 
@@ -171,7 +174,7 @@ LOCAL_MODULE := busybox
 LOCAL_MODULE_TAGS := eng debug
 LOCAL_MODULE_PATH := $(TARGET_OUT_OPTIONAL_EXECUTABLES)
 LOCAL_SHARED_LIBRARIES := libc libcutils libm
-LOCAL_STATIC_LIBRARIES := libclearsilverregex libuclibcrpc
+LOCAL_STATIC_LIBRARIES := libclearsilverregex libuclibcrpc libselinux libsepol
 $(LOCAL_MODULE): busybox_prepare
 include $(BUILD_EXECUTABLE)
 
@@ -217,7 +220,7 @@ LOCAL_FORCE_STATIC_EXECUTABLE := true
 LOCAL_MODULE := static_busybox
 LOCAL_MODULE_STEM := busybox
 LOCAL_MODULE_TAGS := optional
-LOCAL_STATIC_LIBRARIES := libclearsilverregex libc libcutils libm libuclibcrpc
+LOCAL_STATIC_LIBRARIES := libclearsilverregex libc libcutils libm libuclibcrpc libselinux libsepol
 LOCAL_MODULE_CLASS := UTILITY_EXECUTABLES
 LOCAL_MODULE_PATH := $(PRODUCT_OUT)/utilities
 LOCAL_UNSTRIPPED_PATH := $(PRODUCT_OUT)/symbols/utilities

android/regex/regex.c android/regex/bb_regex.candroid/regex/regex.c renamed to android/regex/bb_regex.c

@@ -161,7 +161,7 @@ init_syntax_once ()
 #endif /* not emacs */
 
 /* Get the interface, including the syntax bits.  */
-#include "regex.h"
+#include "bb_regex.h"
 
 /* isalpha etc. are used for the character classes.  */
 #include <ctype.h>
@@ -922,7 +922,7 @@ reg_syntax_t re_syntax_options;
    defined in regex.h.	We return the old syntax.  */
 
 reg_syntax_t
-re_set_syntax (syntax)
+bb_re_set_syntax (syntax)
     reg_syntax_t syntax;
 {
   reg_syntax_t ret = re_syntax_options;
@@ -2917,7 +2917,7 @@ compile_range (p_ptr, pend, translate, syntax, b)
    Returns 0 if we succeed, -2 if an internal error.   */
 
 int
-re_compile_fastmap (bufp)
+bb_re_compile_fastmap (bufp)
      struct re_pattern_buffer *bufp;
 {
   int j, k;
@@ -3223,7 +3223,7 @@ re_compile_fastmap (bufp)
    freeing the old data.  */
 
 void
-re_set_registers (bufp, regs, num_regs, starts, ends)
+bb_re_set_registers (bufp, regs, num_regs, starts, ends)
     struct re_pattern_buffer *bufp;
     struct re_registers *regs;
     unsigned num_regs;
@@ -3250,13 +3250,13 @@ re_set_registers (bufp, regs, num_regs, starts, ends)
    doesn't let you say where to stop matching. */
 
 int
-re_search (bufp, string, size, startpos, range, regs)
+bb_re_search (bufp, string, size, startpos, range, regs)
      struct re_pattern_buffer *bufp;
      const char *string;
      int size, startpos, range;
      struct re_registers *regs;
 {
-  return re_search_2 (bufp, NULL, 0, string, size, startpos, range,
+  return bb_re_search_2 (bufp, NULL, 0, string, size, startpos, range,
 		      regs, size);
 }
 
@@ -3283,7 +3283,7 @@ re_search (bufp, string, size, startpos, range, regs)
    stack overflow).  */
 
 int
-re_search_2 (bufp, string1, size1, string2, size2, startpos, range, regs, stop)
+bb_re_search_2 (bufp, string1, size1, string2, size2, startpos, range, regs, stop)
      struct re_pattern_buffer *bufp;
      const char *string1, *string2;
      int size1, size2;
@@ -3334,7 +3334,7 @@ re_search_2 (bufp, string1, size1, string2, size2, startpos, range, regs, stop)
 
   /* Update the fastmap now if not correct already.  */
   if (fastmap && !bufp->fastmap_accurate)
-    if (re_compile_fastmap (bufp) == -2)
+    if (bb_re_compile_fastmap (bufp) == -2)
       return -2;
 
   /* See whether the pattern is anchored.  */
@@ -3526,7 +3526,7 @@ static boolean alt_match_null_string_p (),
 /* re_match is like re_match_2 except it takes only a single string.  */
 
 int
-re_match (bufp, string, size, pos, regs)
+bb_re_match (bufp, string, size, pos, regs)
      struct re_pattern_buffer *bufp;
      const char *string;
      int size, pos;
@@ -3554,7 +3554,7 @@ re_match (bufp, string, size, pos, regs)
    matched substring.  */
 
 int
-re_match_2 (bufp, string1, size1, string2, size2, pos, regs, stop)
+bb_re_match_2 (bufp, string1, size1, string2, size2, pos, regs, stop)
      struct re_pattern_buffer *bufp;
      const char *string1, *string2;
      int size1, size2;
@@ -5186,7 +5186,7 @@ bcmp_translate (s1, s2, len, translate)
    We call regex_compile to do the actual compilation.	*/
 
 const char *
-re_compile_pattern (pattern, length, bufp)
+bb_re_compile_pattern (pattern, length, bufp)
      const char *pattern;
      int length;
      struct re_pattern_buffer *bufp;
@@ -5227,7 +5227,7 @@ char *
    regcomp/regexec below without link errors.  */
 weak_function
 #endif
-re_comp (s)
+bb_re_comp (s)
     const char *s;
 {
   reg_errcode_t ret;
@@ -5271,12 +5271,12 @@ int
 #ifdef _LIBC
 weak_function
 #endif
-re_exec (s)
+bb_re_exec (s)
     const char *s;
 {
   const int len = strlen (s);
   return
-    0 <= re_search (&re_comp_buf, s, len, 0, len, (struct re_registers *) 0);
+    0 <= bb_re_search (&re_comp_buf, s, len, 0, len, (struct re_registers *) 0);
 }
 #endif /* _REGEX_RE_COMP */
 
@@ -5321,7 +5321,7 @@ int
 #ifdef _LIBC
 weak_function
 #endif
-regcomp (preg, pattern, cflags)
+bb_regcomp (preg, pattern, cflags)
     regex_t *preg;
     const char *pattern;
     int cflags;
@@ -5401,7 +5401,7 @@ int
 #ifdef _LIBC
 weak_function
 #endif
-regexec (preg, string, nmatch, pmatch, eflags)
+bb_regexec (preg, string, nmatch, pmatch, eflags)
     const regex_t *preg;
     const char *string;
     size_t nmatch;
@@ -5434,7 +5434,7 @@ regexec (preg, string, nmatch, pmatch, eflags)
     }
 
   /* Perform the searching operation.  */
-  ret = re_search (&private_preg, string, len,
+  ret = bb_re_search (&private_preg, string, len,
 		   /* start: */ 0, /* range: */ len,
 		   want_reg_info ? &regs : (struct re_registers *) 0);
 
@@ -5471,7 +5471,7 @@ size_t
    regcomp/regexec below without link errors.  */
 weak_function
 #endif
-regerror (errcode, preg, errbuf, errbuf_size)
+bb_regerror (errcode, preg, errbuf, errbuf_size)
     int errcode;
     const regex_t *preg;
     char *errbuf;
@@ -5516,7 +5516,7 @@ void
    regcomp/regexec below without link errors.  */
 weak_function
 #endif
-regfree (preg)
+bb_regfree (preg)
     regex_t *preg;
 {
   if (preg->buffer != NULL)