      025b7df2
      sepolicy: Clean up mls constraints. · 025b7df2
      Stephen Smalley authored
      
      Require equivalence for all write operations.  We were already
      doing this for app_data_file as a result of restricting open
      rather than read/write, so this makes the model consistent across
      all objects and operations.  It also addresses the scenario where
      we have mixed usage of levelFrom=all and levelFrom=user for
      different apps on the same device where the dominated-by (domby)
      relation may not be sufficiently restrictive.
      
      Drop the System V IPC constraints since System V IPC is never allowed
      by TE and thus these constraints are dead policy.
      
      Change-Id: Ic06a35030c086e3978c02d501c380889af8d21e0
      Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
    Tokenizer.cpp 4.80 KiB
    /*
     * Copyright (C) 2010 The Android Open Source Project
     *
     * Licensed under the Apache License, Version 2.0 (the "License");
     * you may not use this file except in compliance with the License.
     * You may obtain a copy of the License at
     *
     *      http://www.apache.org/licenses/LICENSE-2.0
     *
     * Unless required by applicable law or agreed to in writing, software
     * distributed under the License is distributed on an "AS IS" BASIS,
     * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     * See the License for the specific language governing permissions and
     * limitations under the License.
     */
    
    #define LOG_TAG "Tokenizer"
    
    #include <utils/Tokenizer.h>
    #include <fcntl.h>
    #include <sys/stat.h>
    #include <utils/Log.h>
    
    // Enables debug output for the tokenizer.
    #define DEBUG_TOKENIZER 0
    
    
    namespace android {
    
    // Reports whether ch is one of the characters in the NUL-terminated set
    // `delimiters` (which must not be null, since it is handed straight to strchr).
    // strchr() also matches the terminating NUL of its first argument, so
    // ch == '\0' is reported as a delimiter for every delimiter set.
    static inline bool isDelimiter(char ch, const char* delimiters) {
        const char* const hit = strchr(delimiters, ch);
        return hit != nullptr;
    }
    
    // Records the caller-supplied file name, mapping, buffer pointer and length;
    // the read cursor starts at the beginning of the buffer and the line counter
    // at 1. Only the pointer is stored, the buffer contents are not copied.
    //
    // Ownership: the destructor deletes fileMap unconditionally and delete[]s
    // buffer only when ownBuffer is true, so a buffer that points into the
    // mapping has to be passed with ownBuffer == false.
    // Nothing here checks that length matches the memory actually behind buffer;
    // the caller is responsible for passing a consistent pair.
    Tokenizer::Tokenizer(const String8& filename, FileMap* fileMap, char* buffer,
            bool ownBuffer, size_t length)
        : mFilename(filename),
          mFileMap(fileMap),
          mBuffer(buffer),
          mOwnBuffer(ownBuffer),
          mLength(length),
          mCurrent(buffer),
          mLineNumber(1) {
    }
    
    // Releases what the tokenizer holds: the FileMap is always deleted (deleting
    // a null pointer is a no-op), the character buffer only when it was handed
    // over with ownBuffer == true.
    Tokenizer::~Tokenizer() {
        delete mFileMap;
        if (!mOwnBuffer) {
            // The buffer is borrowed, so freeing it here would be invalid.
            return;
        }
        delete[] mBuffer;
    }
    
    status_t Tokenizer::open(const String8& filename, Tokenizer** outTokenizer) {
        *outTokenizer = nullptr;
    
        int result = NO_ERROR;
        int fd = ::open(filename.string(), O_RDONLY);
        if (fd < 0) {
            result = -errno;
            ALOGE("Error opening file '%s': %s", filename.string(), strerror(errno));
        } else {
            struct stat stat;
            if (fstat(fd, &stat)) {
                result = -errno;
                ALOGE("Error getting size of file '%s': %s", filename.string(), strerror(errno));
            } else {
                size_t length = size_t(stat.st_size);
    
                FileMap* fileMap = new FileMap();
                bool ownBuffer = false;
                char* buffer;
                if (fileMap->create(nullptr, fd, 0, length, true)) {
                    fileMap->advise(FileMap::SEQUENTIAL);
                    buffer = static_cast<char*>(fileMap->getDataPtr());
                } else {