Next attempt at rolling forward aosp/2200430. It appears the
first-stage-init did not create the /dev/selinux folder on GSI
instances, resulting in breakages when selinux.cpp tries to copy files
to that folder.
To verify these changes for b/244793900, follow
gpaste/4922166775644160
Bug: 243923977
Test: atest SeamendcHostTest
Change-Id: I2bc630cfaad697d44053adcfd639a06e3510cc72
Revert "Add seamendc tests for sdk_sandbox in apex sepolicy"
Revert submission 2201484-sdk_sandbox
Note: this is not a clean revert, I kept the changes in aosp/2199179
and the changes to system/sepolicy/Android.mk. Those changes are already
part of internal, I do not want to put those files out of sync again.
Test: atest SeamendcHostTest
Reason for revert: b/244793900
Reverted Changes:
Ib14b14cbc:Add seamendc tests for sdk_sandbox in apex sepolic...
I27ee933da:Move allow rules of sdk_sandbox to apex policy
Change-Id: If225cdd090248e050d1f0b42f547a4b073bbafc6
Third attempt to roll-forward the apex_sepolicy changes from
aosp/2179294 and aosp/2170746.
I was finally able to figure out the likely root cause of the test
breakages in internal b/243971667. The related CL aosp/2199179 is making
the apex_sepolicy files mandatory for all AOSP builds.
Without the apex_sepolicy files, mixed GSI builds in internal using AOSP
as base would not implement the sdk_sandbox rules, causing breakages for
the SdkSandbox components.
Bug: 243923977
Test: atest SeamendcHostTest
Change-Id: I27ee933da6648cca8ff1f37bde388f72b4fe6ad6
This is a roll-forward of a small chunk of aosp/2170746.
The previous CL was causing test breakages (b/240731742, b/240462388,
b/240463116).
This CL is smaller than the previous one, it only moves allow rules from
the platform policy to the apex policy (I believe the error was caused
by typeattribute rules). I also ran the closest approximation I could
find to the breaking environment, and it appears the tests are passing
https://android-build.googleplex.com/builds/abtd/run/L44100000955891118https://android-build.googleplex.com/builds/abtd/run/L68000000955937148
Bug: 236691128
Test: atest SeamendcHostTest
Change-Id: I4c480041838c8c14011f099ba8295097fe9212db
This is a roll-forward of some of the changes rolled back in
aosp/2170746. I am rolling forward in smaller chunks so that it is
easier to identify and avoid possible breakages.
Bug: 236691128
Test: atest SeamendcHostTest
Change-Id: Ibe451325d471fe04cd52683ba90a22543fa84c7c
Revert "Add java SeamendcHostTest in cts"
Revert submission 2111065-seamendc
Reason for revert: b/240731742, b/240462388 and b/240463116
Reverted Changes:
I3ce2845f2:Move parts of sdk_sandbox from private to apex pol...
I0c10106e2:Add java SeamendcHostTest in cts
Test: revert cl
Change-Id: If9981796694b22b7cbfe1368cd815889c741e69d
Builds:
- sepolicy_test - file that init mounts in /dev/selinux to demonstrate
that updatable sepolicy is loaded.
- apex_sepolicy.cil - Initially includes a rule allowing shell
to read sepolicy_test.
- apex_file_contexts - Initially includes mapping of
/dev/selinux/sepolicy_test.
- apex_sepolicy.sha256. Used by init to determine of
precompiled_sepolicy can be used.
- apex_service_contexts - Currently empty.
- apex_property_contexts - Currently empty.
- apex_seapp_contexts - Currently empty.
Bug: 199914227
Test: Build, boot, ls -laZ /dev/selinux/sepolicy_test
Change-Id: I6aa625dda5235c6e7a0cfff777a9e15606084c12
