android-9.0.0_r61 patches

2023-10-05 22:39:22 +08:00
parent 629a8db239
commit da422ab6de
16 changed files with 3362 additions and 0 deletions
--- a/android-9.0.0_r61/external/minijail/0001-disable-seccomp.patch
+++ b/android-9.0.0_r61/external/minijail/0001-disable-seccomp.patch
@@ -0,0 +1,32 @@
+From 0323a592bebe3d5dfb42cc4f1ac4e36075faa8f4 Mon Sep 17 00:00:00 2001
+From: Ziyang Zhou <ziyang.zhou@outlook.com>
+Date: Mon, 26 Apr 2021 22:55:03 +0800
+Subject: [PATCH] disable seccomp
+
+---
+ libminijail.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libminijail.c b/libminijail.c
+index f9fb0e9..cb5c482 100644
+--- a/libminijail.c
+++ b/libminijail.c
+@@ -1830,6 +1830,7 @@ static void set_seccomp_filter(const struct minijail *j)
+ 	/*
+ 	 * Install the syscall filter.
+ 	 */
+#if 0 // HACKED
+ 	if (j->flags.seccomp_filter) {
+ 		if (j->flags.seccomp_filter_tsync) {
+ 			if (sys_seccomp(SECCOMP_SET_MODE_FILTER,
+@@ -1844,6 +1845,7 @@ static void set_seccomp_filter(const struct minijail *j)
+ 			}
+ 		}
+ 	}
+#endif
+ }
+ 
+ static pid_t forward_pid = -1;
+-- 
+2.34.1
+
--- a/android-9.0.0_r61/external/selinux/0001-ignore-selinux.patch
+++ b/android-9.0.0_r61/external/selinux/0001-ignore-selinux.patch
@@ -0,0 +1,192 @@
+From 673fb05c5508643173705d87b129fc6ff406f1cf Mon Sep 17 00:00:00 2001
+From: Ziyang Zhou <ziyang.zhou@outlook.com>
+Date: Sun, 9 May 2021 23:12:46 +0800
+Subject: [PATCH] ignore selinux
+
+---
+ libselinux/include/selinux/selinux.h      | 4 ++++
+ libselinux/src/android/android_platform.c | 6 ++++++
+ libselinux/src/checkAccess.c              | 1 +
+ libselinux/src/getenforce.c               | 1 +
+ libselinux/src/getpeercon.c               | 1 +
+ libselinux/src/init.c                     | 1 +
+ libselinux/src/label.c                    | 1 +
+ libselinux/src/lgetfilecon.c              | 1 +
+ libselinux/src/lsetfilecon.c              | 1 +
+ libselinux/src/procattr.c                 | 2 ++
+ 10 files changed, 19 insertions(+)
+
+diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h
+index 01201ee..86db829 100644
+--- a/libselinux/include/selinux/selinux.h
+++ b/libselinux/include/selinux/selinux.h
+@@ -4,6 +4,10 @@
+ #include <sys/types.h>
+ #include <stdarg.h>
+ 
+#define SE_HACK
+#define se_hack() if (1) return
+#define se_hack1(p) if (1) return p
+
+ #ifdef __cplusplus
+ extern "C" {
+ #endif
+diff --git a/libselinux/src/android/android_platform.c b/libselinux/src/android/android_platform.c
+index 69566eb..cd6989c 100644
+--- a/libselinux/src/android/android_platform.c
+++ b/libselinux/src/android/android_platform.c
+@@ -158,6 +158,7 @@ static struct selabel_handle* selinux_android_file_context(const struct selinux_
+ 
+ struct selabel_handle* selinux_android_file_context_handle(void)
+ {
+    se_hack1(NULL);
+     struct selinux_opt seopts_file[MAX_FILE_CONTEXT_SIZE];
+     int size = 0;
+     unsigned int i;
+@@ -184,6 +185,7 @@ struct selabel_handle* selinux_android_file_context_handle(void)
+ 
+ struct selabel_handle* selinux_android_prop_context_handle(void)
+ {
+    se_hack1(NULL);
+     struct selabel_handle* sehandle;
+     struct selinux_opt seopts_prop[MAX_FILE_CONTEXT_SIZE];
+     int size = 0;
+@@ -1098,6 +1100,7 @@ oom:
+ 
+ int selinux_android_setcon(const char *con)
+ {
+    se_hack1(0);
+ 	int ret = setcon(con);
+ 	if (ret)
+ 		return ret;
+@@ -1114,6 +1117,7 @@ int selinux_android_setcontext(uid_t uid,
+ 			       const char *seinfo,
+ 			       const char *pkgname)
+ {
+    se_hack1(0);
+ 	char *orig_ctx_str = NULL, *ctx_str;
+ 	context_t ctx = NULL;
+ 	int rc = -1;
+@@ -1452,6 +1456,7 @@ static int selinux_android_restorecon_common(const char* pathname_orig,
+                                              uid_t uid,
+                                              unsigned int flags)
+ {
+    se_hack1(0);
+     bool nochange = (flags & SELINUX_ANDROID_RESTORECON_NOCHANGE) ? true : false;
+     bool verbose = (flags & SELINUX_ANDROID_RESTORECON_VERBOSE) ? true : false;
+     bool recurse = (flags & SELINUX_ANDROID_RESTORECON_RECURSE) ? true : false;
+@@ -1665,6 +1670,7 @@ void selinux_android_set_sehandle(const struct selabel_handle *hndl)
+ 
+ int selinux_android_load_policy()
+ {
+    se_hack1(0);
+ 	int fd = -1;
+ 
+ 	fd = open(sepolicy_file, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
+diff --git a/libselinux/src/checkAccess.c b/libselinux/src/checkAccess.c
+index 8de5747..e1048d8 100644
+--- a/libselinux/src/checkAccess.c
+++ b/libselinux/src/checkAccess.c
+@@ -33,6 +33,7 @@ static void avc_init_once(void)
+ }
+ 
+ int selinux_check_access(const char *scon, const char *tcon, const char *class, const char *perm, void *aux) {
+    se_hack1(0);
+ 	int rc;
+ 	security_id_t scon_id;
+ 	security_id_t tcon_id;
+diff --git a/libselinux/src/getenforce.c b/libselinux/src/getenforce.c
+index d909dce..fb782b7 100644
+--- a/libselinux/src/getenforce.c
+++ b/libselinux/src/getenforce.c
+@@ -11,6 +11,7 @@
+ 
+ int security_getenforce(void)
+ {
+	se_hack1(0);
+ 	int fd, ret, enforce = 0;
+ 	char path[PATH_MAX];
+ 	char buf[20];
+diff --git a/libselinux/src/getpeercon.c b/libselinux/src/getpeercon.c
+index 3a77a2d..f8dab8e 100644
+--- a/libselinux/src/getpeercon.c
+++ b/libselinux/src/getpeercon.c
+@@ -47,6 +47,7 @@ hidden_def(getpeercon_raw)
+ 
+ int getpeercon(int fd, char ** context)
+ {
+    se_hack1((*context = calloc(7, 1), memcpy(*context, "HACKED", 6), 0));
+ 	int ret;
+ 	char * rcontext;
+ 
+diff --git a/libselinux/src/init.c b/libselinux/src/init.c
+index 2690a72..24a212d 100644
+--- a/libselinux/src/init.c
+++ b/libselinux/src/init.c
+@@ -142,6 +142,7 @@ hidden_def(fini_selinuxmnt)
+ 
+ void set_selinuxmnt(const char *mnt)
+ {
+    se_hack();
+ 	selinux_mnt = strdup(mnt);
+ }
+ 
+diff --git a/libselinux/src/label.c b/libselinux/src/label.c
+index c051e9f..b526316 100644
+--- a/libselinux/src/label.c
+++ b/libselinux/src/label.c
+@@ -285,6 +285,7 @@ bool selabel_partial_match(struct selabel_handle *rec, const char *key)
+ int selabel_lookup_best_match(struct selabel_handle *rec, char **con,
+ 			      const char *key, const char **aliases, int type)
+ {
+    se_hack1((*con = calloc(7, 1), memcpy(*con, "HACKED", 6), 0));
+ 	struct selabel_lookup_rec *lr;
+ 
+ 	if (!rec->func_lookup_best_match) {
+diff --git a/libselinux/src/lgetfilecon.c b/libselinux/src/lgetfilecon.c
+index db67bc6..7123480 100644
+--- a/libselinux/src/lgetfilecon.c
+++ b/libselinux/src/lgetfilecon.c
+@@ -53,6 +53,7 @@ hidden_def(lgetfilecon_raw)
+ 
+ int lgetfilecon(const char *path, char ** context)
+ {
+    se_hack1((*context = calloc(7, 1), memcpy(*context, "HACKED", 6), 0));
+ 	int ret;
+ 	char * rcontext = NULL;
+ 
+diff --git a/libselinux/src/lsetfilecon.c b/libselinux/src/lsetfilecon.c
+index 1d3b28a..7062703 100644
+--- a/libselinux/src/lsetfilecon.c
+++ b/libselinux/src/lsetfilecon.c
+@@ -29,6 +29,7 @@ hidden_def(lsetfilecon_raw)
+ 
+ int lsetfilecon(const char *path, const char *context)
+ {
+    se_hack1(0);
+ 	int ret;
+ 	char * rcontext;
+ 
+diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c
+index 48dd8af..ab516e2 100644
+--- a/libselinux/src/procattr.c
+++ b/libselinux/src/procattr.c
+@@ -184,6 +184,7 @@ static int getprocattrcon_raw(char ** context,
+ static int getprocattrcon(char ** context,
+ 			  pid_t pid, const char *attr)
+ {
+    se_hack1((*context = calloc(7, 1), memcpy(*context, "HACKED", 6), 0));
+ 	int ret;
+ 	char * rcontext;
+ 
+@@ -269,6 +270,7 @@ out:
+ static int setprocattrcon(const char * context,
+ 			  pid_t pid, const char *attr)
+ {
+    se_hack1(0);
+ 	int ret;
+ 	char * rcontext;
+ 
+-- 
+2.34.1
+