| commit | 1b893eb9812f2bc7dfad4162ff19478472e40e68 | [log] [tgz] |
|---|---|---|
| author | Wez <wez@fuchsia.infra.roller.google.com> | Fri Nov 14 07:51:32 2025 -0800 |
| committer | Copybara-Service <copybara-worker@google.com> | Fri Nov 14 07:53:13 2025 -0800 |
| tree | 4c6423a542ddd0721cae28a13b263b7b51e1fa19 | |
| parent | 42897dc363655fe76257f8314fababb49f205688 [diff] |
[roll] Roll fuchsia [sestarnix] Revise handling of set/get/removexattr access checks Access-checks for user, security, system and trusted attributes are revised to align with the xattr(7) man page descriptions. Discretionary capability and access checks are now made before any LSM checks. LSM checks are applied via check_fs_node_set/get_xattr_access with the fs_node_set/getsecurity hooks responsible only for handling actual updates or requests for the "security.selinux" attribute. All other "security.*" attributes accesses are delegated to the FsNode implementation to service via FsNodeOps::set/get_xattr(). Original-Bug: 450104899, 460215348 Original-Reviewed-on: https://fuchsia-review.googlesource.com/c/fuchsia/+/1419934 Original-Revision: 04c97345ac22e6fc8b10f9f051a52cb3e3a332e3 GitOrigin-RevId: 1cd394af438f723393b73f6c73a06f8b1393d93e Change-Id: Ifb92f170e6f7365cd8dc9321d83aceadeb7d4654
This repository contains Fuchsia's Global Integration manifest files.
All changes should be made to the internal version of this repository. Our infrastructure automatically updates this version when the internal one changes.
Currently all changes must be made by a Google employee. Non-Google employees wishing to make a change can ask for assistance in one of the communication channels documented at get involved.
First install Jiri.
Next run:
$ jiri init $ jiri import minimal https://fuchsia.googlesource.com/integration $ jiri update
Third party projects should have their own subdirectory in ./third_party.