Fix build with modern NDK and policy parsing on newer Android devices

jni/Application.mk

@@ -1,2 +1,2 @@
-APP_ABI := armeabi armeabi-v7a arm64-v8a mips mips64 x86 x86_64
-APP_PLATFORM := android-16
+APP_ABI := armeabi-v7a arm64-v8a x86 x86_64
+APP_PLATFORM := android-21

jni/libapol/render.c

@@ -26,6 +26,7 @@
 
 #include <config.h>
 
+#include <unistd.h>
 #include <apol/context-query.h>
 #include <apol/policy.h>
 #include <apol/render.h>

jni/libapol/util.c

@@ -49,6 +49,7 @@
 #define APOL_LINE_SZ 8192
 #define APOL_ENVIRON_VAR_NAME "APOL_INSTALL_DIR"
 
+#ifndef __BIONIC__
 void swab(const void *from, void *to, ssize_t n)
 {
 	uint16_t *tmp = (uint16_t *)to;
@@ -59,6 +60,7 @@ void swab(const void *from, void *to, ssize_t n)
 		tmp[i] = bswap_16(((uint16_t *)from)[i]);
 	}
 }
+#endif
 
 const char *libapol_get_version(void)
 {

jni/libsepol/include/sepol/policydb/avtab.h

@@ -74,6 +74,7 @@ typedef struct avtab_extended_perms {
 
 #define AVTAB_XPERMS_IOCTLFUNCTION	0x01
 #define AVTAB_XPERMS_IOCTLDRIVER	0x02
+#define AVTAB_XPERMS_NLMSG		0x03
 	/* extension of the avtab_key specified */
 	uint8_t specified;
 	uint8_t driver;

jni/libsepol/src/avtab.c

@@ -423,12 +423,14 @@ static uint16_t spec_order[] = {
 	AVTAB_ALLOWED,
 	AVTAB_AUDITDENY,
 	AVTAB_AUDITALLOW,
+	AVTAB_NEVERALLOW,
 	AVTAB_TRANSITION,
 	AVTAB_CHANGE,
 	AVTAB_MEMBER,
 	AVTAB_XPERMS_ALLOWED,
 	AVTAB_XPERMS_AUDITALLOW,
-	AVTAB_XPERMS_DONTAUDIT
+	AVTAB_XPERMS_DONTAUDIT,
+	AVTAB_XPERMS_NEVERALLOW
 };
 
 int avtab_read_item(struct policy_file *fp, uint32_t vers, avtab_t * a,
@@ -549,11 +551,11 @@ int avtab_read_item(struct policy_file *fp, uint32_t vers, avtab_t * a,
 	}
 
 	if ((vers < POLICYDB_VERSION_XPERMS_IOCTL) &&
-			(key.specified & AVTAB_XPERMS)) {
+			(key.specified & (AVTAB_XPERMS | AVTAB_XPERMS_NEVERALLOW))) {
 		ERR(fp->handle, "policy version %u does not support extended "
 				"permissions rules and one was specified\n", vers);
 		return -1;
-	} else if (key.specified & AVTAB_XPERMS) {
+	} else if (key.specified & (AVTAB_XPERMS | AVTAB_XPERMS_NEVERALLOW)) {
 		rc = next_entry(&buf8, fp, sizeof(uint8_t));
 		if (rc < 0) {
 			ERR(fp->handle, "truncated entry");
@@ -563,6 +565,7 @@ int avtab_read_item(struct policy_file *fp, uint32_t vers, avtab_t * a,
 		if (avtab_android_m_compat ||
 				((xperms.specified != AVTAB_XPERMS_IOCTLFUNCTION) &&
 				(xperms.specified != AVTAB_XPERMS_IOCTLDRIVER) &&
+				(xperms.specified != AVTAB_XPERMS_NLMSG) &&
 				(vers == POLICYDB_VERSION_XPERMS_IOCTL))) {
 			xperms.driver = xperms.specified;
 			if (android_m_compat_optype)