Commit graph

4 commits

Author SHA1 Message Date
Jeff Vander Stoep
fb69c8e64f netlink_route_socket: add new nlmsg_readpriv perm
Used when mapping RTM_GETLINK messages to this new permission.

Users of netlink_route_sockets that do not use the net_domain()
macro will need to grant this permission as needed. Compatibility
with older vendor images is preserved by granting all vendor domains
access to this new permission in *.compat.cil files.

Bug: 141455849
Test: build (this change is a no-op without kernel changes)
Change-Id: I18f1c9fc958120a26b7b3bea004920d848ffb26e
2019-10-16 16:14:16 +02:00
Tri Vo
50aa029f4b Reland "Add 29.0 mapping files"
Steps taken to produce the mapping files:

1. Add prebuilts/api/29.0/[plat_pub_versioned.cil|vendor_sepolicy.cil]
plat_pub_versioned.cil contains all public attributes and types from Q
Leave vendor_sepolicy.cil is empty.

2. Add new file private/compat/29.0/29.0.cil by doing the following:
- copy /system/etc/selinux/mapping/29.0.cil from pi-dev aosp_arm64-eng
device to private/compat/29.0/29.0.cil
- remove all attribute declaration statement (typeattribute ...) and
sort lines alphabetically
- some selinux types were added/renamed/deleted w.r.t 29 sepolicy.
Find all such types using treble_sepolicy_tests_29.0 test.
- for all these types figure out where to map them by looking at
28.0.[ignore.]cil files and add approprite entries to 29.0.[ignore.]cil.

This change also enables treble_sepolicy_tests_29.0 and installs
29.0.cil mapping file onto the device.

Bug: 133155528
Bug: 133196056
Test: m treble_sepolicy_tests_29.0
Test: m 29.0_compat_test
Test: m selinux_policy
Change-Id: I9e83e9bf118c8b8f8fcf84d5c0dcb6eb588e0d55
2019-06-01 17:20:34 -07:00
Tri Vo
8043136f7f Revert "Add 29.0 mapping files"
This reverts commit 5702e9d758.

Reason for revert: breaks build

Change-Id: I2a1772545ec4aae8723ecce93c9bf9d49e905986
2019-05-29 01:10:07 +00:00
Tri Vo
5702e9d758 Add 29.0 mapping files
Steps taken to produce the mapping files:

1. Add prebuilts/api/29.0/[plat_pub_versioned.cil|vendor_sepolicy.cil]
plat_pub_versioned.cil contains all public attributes and types from Q
Leave vendor_sepolicy.cil is empty.

2. Add new file private/compat/29.0/29.0.cil by doing the following:
- copy /system/etc/selinux/mapping/29.0.cil from pi-dev aosp_arm64-eng
device to private/compat/29.0/29.0.cil
- remove all attribute declaration statement (typeattribute ...) and
sort lines alphabetically
- some selinux types were added/renamed/deleted w.r.t 29 sepolicy.
Find all such types using treble_sepolicy_tests_29.0 test.
- for all these types figure out where to map them by looking at
28.0.[ignore.]cil files and add approprite entries to 29.0.[ignore.]cil.

This change also enables treble_sepolicy_tests_29.0 and installs
29.0.cil mapping file onto the device.

Bug: 133155528
Bug: 133196056
Test: m treble_sepolicy_tests_29.0
Test: m 29.0_compat_test
Test: m selinux_policy
Change-Id: I59f6251e9baa6527a358dec024e9fae62388db2b
2019-05-26 14:28:40 -07:00