This directory contains a small port of libselinux for Android.
It was originally forked in mid-2011, circa libselinux 2.1.0.
Some changes have been cherry-picked from the upstream libselinux.
Upstream git repository is https://github.com/SELinuxProject/selinux
(libselinux subdirectory) and official releases are available from
https://github.com/SELinuxProject/selinux/wiki/Releases.

This fork differs from upstream libselinux in at least the following ways:

* Dependencies on glibc-specific features have been removed/replaced
in order to work with bionic,

* Legacy code and compatibility interfaces have been removed,

* Many interfaces, functions, and files are omitted since they are
unused in Android,

* The python bindings are omitted since they are unused in Android,

* The setrans (context translation) support has been removed since
there is no need for MLS label translation in Android and the support
imposes extra overhead on calls passing security contexts,

* The SELinux policy files are all located in / rather than under
/etc/selinux since /etc is not available in Android until /system
is mounted and use fixed paths, not dependent on /etc/selinux/config,

* The kernel policy file (sepolicy in Android, policy.N in Linux) does
not include a version suffix since Android does not need to support
booting multiple kernels,

* The policy loading logic does not support automatic downgrading of
the kernel policy file to a version known to the kernel, since this
requires libsepol on the device and is only needed to support mixing
and matching kernels and userspace easily,

* The selabel interface and label_file backend have been extended to
support label-by-symlink and partial matching support for use by ueventd
in labeling device nodes based on stable symlink names and by init for
optimizing its restorecon_recursive of /sys,

* Since the fork, upstream libselinux has switched the label_file
backend to use a binary version of the file_contexts file
(file_contexts.bin) that contains precompiled versions of the pcre
regexes. This reduces the time to load the file_contexts
configuration, which in Linux can be significant due to the large
number of entries (> 5000). As Android has far fewer entries (~400),
this has not yet seemed necessary.

* restorecon functionality, including recursive restorecon, has been
fully implemented within new libselinux functions, along with optimizations
to prune the tree walk if no change has occurred in file_contexts since
the last restorecon,

* Support for new Android-specific SELinux configuration files, such
as seapp_contexts, property_contexts, and service_contexts, has been
added.

New files added for Android:
* libselinux/include/selinux/android.h
* libselinux/src/android.c
* libselinux/src/label_android_property.c (later added upstream)