| commit | 3759d9a99b6d0c67f08736db83142fd9a2c7fb8c | [log] [tgz] |
|---|---|---|
| author | Marina Ciocea <marinaciocea@fuchsia.infra.roller.google.com> | Tue Apr 16 18:59:21 2024 +0000 |
| committer | Copybara-Service <copybara-worker@google.com> | Tue Apr 16 12:00:29 2024 -0700 |
| tree | 7956d8ff9881cdecbb5f69161713f3d949800ff3 | |
| parent | 57f39b2fc62d2e2ca84c06ca6d270b3e3e5329fb [diff] |
[roll] Roll fuchsia [starnix][selinux] Compute new sid for process Implement `security_compute_sid` equivalent as documented in the notebook and empirically determined. The components (user, role, type, range) of the new security context default to the source components, unless the policy contains transition or default statements specifying otherwise. Also remove role allow validation from SID calculation, it has been empirically determined that this step is performed after the context has been calculated, and after the context has been validated against the policy to determine whether it is a valid context according to user-role and role-type associations. Role allow validations for processes are treated as transition failures. Original-Fixed: 322848117 Original-Reviewed-on: https://fuchsia-review.googlesource.com/c/fuchsia/+/1027152 Original-Revision: d9d5758aa6600458a27ce9410607e90c657a2aeb GitOrigin-RevId: 5b7696d67ecb8dc53086708a13dddf390291c1c5 Change-Id: I1120a102440ee3cd2b8460a230e7e8d952f8d635
This repository contains Fuchsia's Global Integration manifest files.
All changes should be made to the internal version of this repository. Our infrastructure automatically updates this version when the internal one changes.
Currently all changes must be made by a Google employee. Non-Google employees wishing to make a change can ask for assistance via the IRC channel #fuchsia on Freenode.
First install Jiri.
Next run:
$ jiri init $ jiri import minimal https://fuchsia.googlesource.com/integration $ jiri update
Third party projects should have their own subdirectory in ./third_party.