commit | 77a744d9133a7e620be2880560140c5c1f8d58f4 | |
---|---|---|
author | Brian Bosak <bbosak@google.com> | Tue Sep 24 16:13:57 2024 +0000 |
committer | CQ Bot <fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com> | Tue Sep 24 16:13:57 2024 +0000 |
tree | 6c8a1fb67ffc55b8580549cdf05d853a490b9a57 | |
parent | c60d0ca2313c967bf9ee4928a94c1d393b7b85b1 | |

Revert "[sestarnix] Eagerly initialize FsNode labeling details"

This reverts commit 413406bb9941700a7a0fe965e28faf1428ad0f6c.

Reason for revert: b/369268313

Original change's description:
> [sestarnix] Eagerly initialize FsNode labeling details
>
> Previously labels for FsNodes were resolved on-demand, with the
> fs_node_effective_sid() helper calling on to the
> fs_node_resolve_security_label() helper.
>
> Labels are now resolved for unlabeled FsNodes directly by the
> fs_node_init_with_dentry() hook, when they are first linked into
> a DirEntry. e.g. for genfscon they will be labeled based on their
> FileSystem-relative path, and for fs_use_xattr their security
> attribute will be read, to populate a label.
>
> Special cases, such as creation of an FsNode for a new file, may
> label the node prior to it being linked into a DirEntry for the
> first time, in which case the fs_node_init_with_dentry() hook is
> a no-op.
>
> This requires that any FsNodes created in FileSystems prior to the
> SELinux policy being loaded are tracked, and proactively labeled
> along with the FileSystem. The initial implementation retains a
> set of weak references to the relevant DirEntries, to allow node
> labeling to take account of the FileSystem-relative path.
>
> Bug: 366405530
> Change-Id: I8f643971636346b3841512997f9efc2297076c04
> Reviewed-on: https://fuchsia-review.googlesource.com/c/fuchsia/+/1119412
> Commit-Queue: Auto-Submit <auto-submit@fuchsia-infra.iam.gserviceaccount.com>
> Reviewed-by: Benjamin Lerman <qsr@google.com>

Bug: 366405530
Change-Id: I33702e3d133da3553ca91f8bf28ecc4871b1b5f1
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://fuchsia-review.googlesource.com/c/fuchsia/+/1124672
Reviewed-by: Wez <wez@google.com>
Commit-Queue: Brian Bosak <bbosak@google.com>

Fuchsia is an open source, general purpose operating system supporting modern 64-bit Intel and ARM processors.