Make SELinux support a feature

build.py

@@ -270,10 +270,7 @@ def run_cargo_build(args):
         return
 
     # Start building the actual build commands
-    cmds = ["build"]
-    for target in targets:
-        cmds.append("-p")
-        cmds.append(target)
+    cmds = ["build", "-p", ""]
     rust_out = "debug"
     if args.release:
         cmds.append("-r")
@@ -289,9 +286,12 @@ def run_cargo_build(args):
             "thumbv7neon-linux-androideabi" if triple.startswith("armv7") else triple
         )
         cmds[-1] = rust_triple
-        proc = run_cargo(cmds, triple)
-        if proc.returncode != 0:
-            error("Build binary failed!")
+
+        for target in targets:
+            cmds[2] = target
+            proc = run_cargo(cmds, triple)
+            if proc.returncode != 0:
+                error("Build binary failed!")
 
         arch_out = op.join(native_out, arch)
         mkdir(arch_out)

native/src/base/Cargo.toml

@@ -6,6 +6,10 @@ edition = "2021"
 [lib]
 path = "lib.rs"
 
+[features]
+selinux = []
+dyn_selinux = []
+
 [build-dependencies]
 cxx-gen = { workspace = true }
 

native/src/base/files.rs

@@ -8,7 +8,6 @@ use std::os::android::fs::MetadataExt;
 use std::os::fd::{AsFd, BorrowedFd, IntoRawFd};
 use std::os::unix::fs::FileTypeExt;
 use std::os::unix::io::{AsRawFd, FromRawFd, OwnedFd, RawFd};
-use std::sync::atomic::{AtomicBool, Ordering};
 use std::{io, mem, ptr, slice};
 
 use bytemuck::{bytes_of_mut, Pod};
@@ -140,16 +139,23 @@ impl<T: Write> WriteExt for T {
 
 pub struct FileAttr {
     pub st: libc::stat,
+    #[cfg(feature = "selinux")]
     pub con: Utf8CStrBufArr<128>,
 }
 
-const XATTR_NAME_SELINUX: &[u8] = b"security.selinux\0";
-static SELINUX_ENABLED: AtomicBool = AtomicBool::new(false);
-
-pub fn enable_selinux() {
-    SELINUX_ENABLED.store(true, Ordering::Relaxed);
+impl FileAttr {
+    fn new() -> Self {
+        FileAttr {
+            st: unsafe { mem::zeroed() },
+            #[cfg(feature = "selinux")]
+            con: Utf8CStrBufArr::new(),
+        }
+    }
 }
 
+#[cfg(feature = "selinux")]
+const XATTR_NAME_SELINUX: &[u8] = b"security.selinux\0";
+
 pub struct DirEntry<'a> {
     dir: &'a Directory,
     entry: &'a dirent,
@@ -625,14 +631,12 @@ impl FsPath {
     }
 
     pub fn get_attr(&self) -> io::Result<FileAttr> {
-        let mut attr: FileAttr;
+        let mut attr = FileAttr::new();
         unsafe {
-            attr = FileAttr {
-                st: mem::zeroed(),
-                con: Utf8CStrBufArr::new(),
-            };
             libc::lstat(self.as_ptr(), &mut attr.st).as_os_err()?;
-            if SELINUX_ENABLED.load(Ordering::Relaxed) {
+
+            #[cfg(feature = "selinux")]
+            {
                 let sz = libc::lgetxattr(
                     self.as_ptr(),
                     XATTR_NAME_SELINUX.as_ptr().cast(),
@@ -652,6 +656,8 @@ impl FsPath {
                 libc::chmod(self.as_ptr(), (attr.st.st_mode & 0o777).as_()).as_os_err()?;
             }
             libc::lchown(self.as_ptr(), attr.st.st_uid, attr.st.st_gid).as_os_err()?;
+
+            #[cfg(feature = "selinux")]
             if !attr.con.is_empty() {
                 libc::lsetxattr(
                     self.as_ptr(),
@@ -721,14 +727,12 @@ impl FsPath {
 }
 
 pub fn fd_get_attr(fd: RawFd) -> io::Result<FileAttr> {
-    let mut attr: FileAttr;
+    let mut attr = FileAttr::new();
     unsafe {
-        attr = FileAttr {
-            st: mem::zeroed(),
-            con: Utf8CStrBufArr::new(),
-        };
         libc::fstat(fd, &mut attr.st).as_os_err()?;
-        if SELINUX_ENABLED.load(Ordering::Relaxed) {
+
+        #[cfg(feature = "selinux")]
+        {
             let sz = libc::fgetxattr(
                 fd,
                 XATTR_NAME_SELINUX.as_ptr().cast(),
@@ -746,6 +750,8 @@ pub fn fd_set_attr(fd: RawFd, attr: &FileAttr) -> io::Result<()> {
     unsafe {
         libc::fchmod(fd, (attr.st.st_mode & 0o777).as_()).as_os_err()?;
         libc::fchown(fd, attr.st.st_uid, attr.st.st_gid).as_os_err()?;
+
+        #[cfg(feature = "selinux")]
         if !attr.con.is_empty() {
             libc::fsetxattr(
                 fd,

native/src/base/lib.rs

@@ -44,7 +44,6 @@ pub mod ffi {
         fn set_log_level_state_cxx(level: LogLevelCxx, enabled: bool);
         fn exit_on_error(b: bool);
         fn cmdline_logging();
-        fn enable_selinux();
     }
 
     #[namespace = "rust"]

native/src/core/Cargo.toml

@@ -12,7 +12,7 @@ cxx-gen = { workspace = true }
 pb-rs = { workspace = true }
 
 [dependencies]
-base = { path = "../base" }
+base = { path = "../base", features = ["selinux"] }
 cxx = { workspace = true }
 num-traits = { workspace = true }
 num-derive = { workspace = true }

native/src/core/applet_stub.cpp

@@ -7,7 +7,6 @@
 int main(int argc, char *argv[]) {
     if (argc < 1)
         return 1;
-    enable_selinux();
     cmdline_logging();
     init_argv0(argc, argv);
     umask(0);

native/src/core/applets.cpp

@@ -26,7 +26,6 @@ int main(int argc, char *argv[]) {
     if (argc < 1)
         return 1;
 
-    enable_selinux();
     cmdline_logging();
     init_argv0(argc, argv);