Google Git
Sign in
fuchsia/integration/43222fda401d0380c3713373b2ad264dd494a467
commit
43222fda401d0380c3713373b2ad264dd494a467
[log]
author
Ambre Williams <ambre@fuchsia.infra.roller.google.com>
Wed Apr 09 05:33:39 2025 -0700
committer
Copybara-Service <copybara-worker@google.com>
Wed Apr 09 05:35:34 2025 -0700
tree
0f5dadc8f53b0cc9bf4f74a9a1f93dd5d903b233
parent
be71cad3c451a1a2d2c2717fb867c116f9a05beb [diff]
[roll] Roll fuchsia [starnix][vfs] Early-reject attempts to write to a StaticDirectory

With SEStarnix enabled, we would see a number of `add_name` denials
when a process attempts to write a /proc/pid/<file> that doesn't
exist, and the process calls open with O_CREAT.
To avoid confusing denials, reject the write early in `check_access`,
before MAC checks are performed.

Original-Bug: 408330052
Original-Reviewed-on: https://fuchsia-review.googlesource.com/c/fuchsia/+/1248505
Original-Revision: 8c9ad6c44138ebd9214af7d7100063dbaa88a02d
GitOrigin-RevId: c3a1d0760cfbc080e182693ffc516546836ab2e7
Change-Id: Ic0be17131cdd4934720c5e2cd2238534ac38cdb8
1 file changed
tree: 0f5dadc8f53b0cc9bf4f74a9a1f93dd5d903b233
  1. ctf/
  2. git-hooks/
  3. infra/
  4. third_party/
  5. cts
  6. firmware
  7. flower
  8. jiri.lock
  9. MILESTONE
  10. minimal
  11. prebuilts
  12. README.md
  13. stem
  14. test_durations
  15. toolchain
README.md

Integration

This repository contains Fuchsia's Global Integration manifest files.

Making changes

All changes should be made to the internal version of this repository. Our infrastructure automatically updates this version when the internal one changes.

Currently all changes must be made by a Google employee. Non-Google employees wishing to make a change can ask for assistance in one of the communication channels documented at get involved.

Obtaining the source

First install Jiri.

Next run:

$ jiri init
$ jiri import minimal https://fuchsia.googlesource.com/integration
$ jiri update

Third party

Third party projects should have their own subdirectory in ./third_party.