Google Git
Sign in
fuchsia / integration / 8b46cc805dfe13912703eee998a5285e10c4c4f4
commit8b46cc805dfe13912703eee998a5285e10c4c4f4[log] [tgz]
authorWez <wez@fuchsia.infra.roller.google.com>Thu Jan 30 11:44:46 2025 -0800
committerCopybara-Service <copybara-worker@google.com>Thu Jan 30 11:46:13 2025 -0800
treecb91b5fd502ea229354bd7918573f5ec40472eec
parent94aabfd07b318bbf829a3cfd632f755a00d7eda2 [diff]
[roll] Roll fuchsia [sestarnix] Optimize fallback for filename-transition lookups.

The Query/QueryMut traits are now internal to the SELinux
implementation, and used to serve requests made via the single
public PermissionCheck API.

The PermissionCheck API's compute_new_file_sid() now accepts the
name of the new file, which is for now only supplied by the
anon_inode call-site. The implementation queries the policy via
a Query[Mut]::compute_new_file_sid_with_name() API, and then
falls-back to using the name-independent query API if that does
not return a result - this ensures that the common case of files
not matching any filename-transition can fall-back via the AVC.

The policy now supports a similar arrangement of APIs, with the
new_security_context() API split into public and internal versions,
to allow an extra "type"-override argument for use when creating
SecurityContexts for filename-transitions.

Original-Bug: 392402219, 385075470
Original-Reviewed-on: https://fuchsia-review.googlesource.com/c/fuchsia/+/1196577
Original-Revision: 36d5ba188554216ecc7ddfd5a61e7c617837e507
GitOrigin-RevId: d173380a5119235c8edaab08335e1bf0a29835be
Change-Id: I4227b033a3497dc250f63a76e36c797144bfb6fa
1 file changed
tree: cb91b5fd502ea229354bd7918573f5ec40472eec
  1. ctf/
  2. git-hooks/
  3. infra/
  4. third_party/
  5. cts
  6. firmware
  7. flower
  8. jiri.lock
  9. MILESTONE
  10. minimal
  11. prebuilts
  12. README.md
  13. stem
  14. test_durations
  15. toolchain
README.md

Integration

This repository contains Fuchsia's Global Integration manifest files.

Making changes

All changes should be made to the internal version of this repository. Our infrastructure automatically updates this version when the internal one changes.

Currently all changes must be made by a Google employee. Non-Google employees wishing to make a change can ask for assistance in one of the communication channels documented at get involved.

Obtaining the source

First install Jiri.

Next run:

$ jiri init
$ jiri import minimal https://fuchsia.googlesource.com/integration
$ jiri update

Third party

Third party projects should have their own subdirectory in ./third_party.