busybox.config: SELinux support?

[Manouchehri]

As someone pointed out in #termux, our busybox build doesn't support SELinux features such as ls -Z to show the security contexts of files.

Is there a reason for this, or should we change our busybox.config to optionally have SELinux support?

https://github.com/ukanth/afwall/wiki/HOWTO-Compiling-busybox#steps-for-selinux-enabled-busybox

https://github.com/ukanth/afwall/wiki/BusyBox#difference-between-selinux-and-non-selinux-busybox

[Rowdster]

Curious to a couple of things.

1. Did you ever get an answer to this?
2. I oddly, randomly have a busybox with some limited selinux support. For example, it supports ls -Z. I'm not sure how I landed on this jewel, and it's not even particularly new.

On my nvidia shield TV, rooted:
BusyBox v1.21.0 (2013-07-08 16:00:47 CEST) multi-call binary.

Can you make any sense of this? http://lists.busybox.net/pipermail/buildroot/2015-June/129315.html

[Grief]

There is an ls tool in coreutils package which has -Z key, however I get question marks ? for every file. Not sure where the issue is, is it a broken ls or I do something wrong though.

[ghost]

@Grief ls from coreutils always has option -Z. Regardless of SELinux enabled or disabled. This is not a bug.

On my PC it has same behaviour since it is not linked with libselinux:

xeffyr@archlinux-pc-xeffyr:~/test:$ touch a b c
xeffyr@archlinux-pc-xeffyr:~/test:$ ls -Z
? a  ? b  ? c
xeffyr@archlinux-pc-xeffyr:~/test:$ ls -Z -l
итого 0
-rw------- 1 xeffyr xeffyr ? 0 ноя  8 15:42 a
-rw------- 1 xeffyr xeffyr ? 0 ноя  8 15:42 b
-rw------- 1 xeffyr xeffyr ? 0 ноя  8 15:42 c
xeffyr@archlinux-pc-xeffyr:~/test:$ ldd /bin/ls
	linux-vdso.so.1 (0x00007fffe97a0000)
	libcap.so.2 => /usr/lib/libcap.so.2 (0x00007fea43a2c000)
	libc.so.6 => /usr/lib/libc.so.6 (0x00007fea43868000)
	/lib64/ld-linux-x86-64.so.2 => /usr/lib64/ld-linux-x86-64.so.2 (0x00007fea43c92000)

Since Termux doesn't have SELinux support, ls -Z will not work.

[isrgish]

It does work in Termux when I use ls from /system/bin/. So that seems to show that there is support for this in Termux.

[ghost]

@isrgish Did you understand what I wrote ? Of course, /system/bin/ls will work. Just linked with libselinux.so...

There no support for SELinux in termux-packages. Maybe one day it will be added.

Library libselinux.so should be built from Android's source. But no guarantee that it will work on different Android's versions.

[isrgish]

I guess then my question is when/if this will be added?

[stale]

This issue/PR has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[Manouchehri]

Any progress? =)

[stale]

This issue/PR has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.