[roll] Roll fuchsia [starnix][selinux] Compute new sid for process
Implement `security_compute_sid` equivalent as documented in the
notebook and empirically determined. The components (user, role, type,
range) of the new security context default to the source components,
unless the policy contains transition or default statements specifying
otherwise.
Also remove role allow validation from SID calculation, it has been
empirically determined that this step is performed after the context has
been calculated, and after the context has been validated against the
policy to determine whether it is a valid context according to user-role
and role-type associations. Role allow validations for processes are
treated as transition failures.
Original-Fixed: 322848117
Original-Reviewed-on: https://fuchsia-review.googlesource.com/c/fuchsia/+/1027152
Original-Revision: d9d5758aa6600458a27ce9410607e90c657a2aeb
GitOrigin-RevId: 5b7696d67ecb8dc53086708a13dddf390291c1c5
Change-Id: I1120a102440ee3cd2b8460a230e7e8d952f8d635
diff --git a/stem b/stem
index e241538..22bb6d4 100644
--- a/stem
+++ b/stem
@@ -11,7 +11,7 @@
githooks="integration/git-hooks"
remote="https://fuchsia.googlesource.com/fuchsia"
gerrithost="https://fuchsia-review.googlesource.com"
- revision="22ae75686e41724445c980cd682364ced4427afc"/>
+ revision="d9d5758aa6600458a27ce9410607e90c657a2aeb"/>
</projects>
<hooks>
<hook name="install-environment"
