libselinux: add ifdef'ing for ANDROID and BUILD_HOST

On Android, certain discrepancies arise for unused functionality or
for dealing with the differences in Bionic libc. This patch includes
all the "ifdef'ing" required and introduces the BUILD_HOST define.

The BUILD_HOST define removes functionality not needed when building
libselinux for the Android build host machine.

Note that not all the libselinux src files are used to build
the host and target libraries on Android.

Change-Id: I7984e7b769c4dfa627d6cf311411fa2c93bb7ef7
Signed-off-by: William Roberts <william.c.roberts@intel.com>

libselinux/src/callbacks.c

@@ -34,7 +34,12 @@ default_selinux_audit(void *ptr __attribute__((unused)),
 static int
 default_selinux_validate(char **ctx)
 {
+#ifndef BUILD_HOST
 	return security_check_context(*ctx);
+#else
+	(void) ctx;
+	return 0;
+#endif
 }
 
 static int

libselinux/src/label_file.c

@@ -543,6 +543,7 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
 			break;
 		}
 
+#if !defined(BUILD_HOST) && !defined(ANDROID)
 	/* Process local and distribution substitution files */
 	if (!path) {
 		rec->dist_subs =
@@ -560,6 +561,7 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
 							    rec->digest);
 	}
 
+#endif
 	rec->spec_file = strdup(path);
 
 	/*

libselinux/src/label_internal.h

@@ -16,6 +16,11 @@
 #include "dso.h"
 #include "sha1.h"
 
+#ifdef ANDROID
+// Android does not have fgets_unlocked()
+#define fgets_unlocked(buf, size, fp) fgets(buf, size, fp)
+#endif
+
 /*
  * Installed backends
  */

libselinux/src/load_policy.c

@@ -11,8 +11,10 @@
 #include <string.h>
 #include <errno.h>
 #include "selinux_internal.h"
+#ifndef ANDROID
 #include <sepol/sepol.h>
 #include <sepol/policydb.h>
+#endif
 #include <dlfcn.h>
 #include "policy.h"
 #include <limits.h>
@@ -45,6 +47,7 @@ int security_load_policy(void *data, size_t len)
 
 hidden_def(security_load_policy)
 
+#ifndef ANDROID
 int load_setlocaldefs hidden = 1;
 
 #undef max
@@ -465,3 +468,4 @@ int selinux_init_load_policy(int *enforce)
 	 */
 	return -1;
 }
+#endif

libselinux/src/matchpathcon.c

@@ -7,6 +7,64 @@
 #include "callbacks.h"
 #include <limits.h>
 
+static int (*myinvalidcon) (const char *p, unsigned l, char *c) = NULL;
+static int (*mycanoncon) (const char *p, unsigned l, char **c) =  NULL;
+
+static void
+#ifdef __GNUC__
+    __attribute__ ((format(printf, 1, 2)))
+#endif
+    default_printf(const char *fmt, ...)
+{
+	va_list ap;
+	va_start(ap, fmt);
+	vfprintf(stderr, fmt, ap);
+	va_end(ap);
+}
+
+void
+#ifdef __GNUC__
+    __attribute__ ((format(printf, 1, 2)))
+#endif
+    (*myprintf) (const char *fmt,...) = &default_printf;
+int myprintf_compat = 0;
+
+void set_matchpathcon_printf(void (*f) (const char *fmt, ...))
+{
+	myprintf = f ? f : &default_printf;
+	myprintf_compat = 1;
+}
+
+int compat_validate(struct selabel_handle *rec,
+		    struct selabel_lookup_rec *contexts,
+		    const char *path, unsigned lineno)
+{
+	int rc;
+	char **ctx = &contexts->ctx_raw;
+
+	if (myinvalidcon)
+		rc = myinvalidcon(path, lineno, *ctx);
+	else if (mycanoncon)
+		rc = mycanoncon(path, lineno, ctx);
+	else {
+		rc = selabel_validate(rec, contexts);
+		if (rc < 0) {
+			if (lineno) {
+				COMPAT_LOG(SELINUX_WARNING,
+					    "%s: line %u has invalid context %s\n",
+						path, lineno, *ctx);
+			} else {
+				COMPAT_LOG(SELINUX_WARNING,
+					    "%s: has invalid context %s\n", path, *ctx);
+			}
+		}
+	}
+
+	return rc ? -1 : 0;
+}
+
+#ifndef BUILD_HOST
+
 static __thread struct selabel_handle *hnd;
 
 /*
@@ -54,33 +112,6 @@ static void free_array_elts(void)
 	con_array = NULL;
 }
 
-static void
-#ifdef __GNUC__
-    __attribute__ ((format(printf, 1, 2)))
-#endif
-    default_printf(const char *fmt, ...)
-{
-	va_list ap;
-	va_start(ap, fmt);
-	vfprintf(stderr, fmt, ap);
-	va_end(ap);
-}
-
-void
-#ifdef __GNUC__
-    __attribute__ ((format(printf, 1, 2)))
-#endif
-    (*myprintf) (const char *fmt,...) = &default_printf;
-int myprintf_compat = 0;
-
-void set_matchpathcon_printf(void (*f) (const char *fmt, ...))
-{
-	myprintf = f ? f : &default_printf;
-	myprintf_compat = 1;
-}
-
-static int (*myinvalidcon) (const char *p, unsigned l, char *c) = NULL;
-
 void set_matchpathcon_invalidcon(int (*f) (const char *p, unsigned l, char *c))
 {
 	myinvalidcon = f;
@@ -104,9 +135,6 @@ static int default_canoncon(const char *path, unsigned lineno, char **context)
 	return 0;
 }
 
-static int (*mycanoncon) (const char *p, unsigned l, char **c) =
-    NULL;
-
 void set_matchpathcon_canoncon(int (*f) (const char *p, unsigned l, char **c))
 {
 	if (f)
@@ -536,30 +564,4 @@ int selinux_lsetfilecon_default(const char *path)
 	return rc;
 }
 
-int compat_validate(struct selabel_handle *rec,
-		    struct selabel_lookup_rec *contexts,
-		    const char *path, unsigned lineno)
-{
-	int rc;
-	char **ctx = &contexts->ctx_raw;
-
-	if (myinvalidcon)
-		rc = myinvalidcon(path, lineno, *ctx);
-	else if (mycanoncon)
-		rc = mycanoncon(path, lineno, ctx);
-	else {
-		rc = selabel_validate(rec, contexts);
-		if (rc < 0) {
-			if (lineno) {
-				COMPAT_LOG(SELINUX_WARNING,
-					    "%s: line %u has invalid context %s\n",
-						path, lineno, *ctx);
-			} else {
-				COMPAT_LOG(SELINUX_WARNING,
-					    "%s: has invalid context %s\n", path, *ctx);
-			}
-		}
-	}
-
-	return rc ? -1 : 0;
-}
+#endif

libselinux/src/procattr.c

@@ -22,10 +22,13 @@ static pthread_key_t destructor_key;
 static int destructor_key_initialized = 0;
 static __thread char destructor_initialized;
 
+#ifndef ANDROID
+/* Android declares this in unistd.h and has a definition for it */
 static pid_t gettid(void)
 {
 	return syscall(__NR_gettid);
 }
+#endif
 
 static void procattr_thread_destructor(void __attribute__((unused)) *unused)
 {