Update SELinux documentation.

permissive_or_unconfined() has been removed in master and does not work as
advertised even in 5.x since FORCE_PERMISSIVE_TO_UNCONFINED is always true
in 5.x, so just tell them to always use permissive declarations directly
for domain development.

BOARD_SEPOLICY_UNION has been removed in master, so note that as something
that will not be needed in a future release.

Change-Id: I63bb8f75acd224f0e2fbd18b9cbcc917df06f0de
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
diff --git a/src/devices/tech/security/selinux/customize.jd b/src/devices/tech/security/selinux/customize.jd
index 592b9b4..63b3b56 100644
--- a/src/devices/tech/security/selinux/customize.jd
+++ b/src/devices/tech/security/selinux/customize.jd
@@ -72,9 +72,8 @@
   <li>Put those policies in *.te files (the extension for SELinux policy source
 files) within the <code>/device/manufacturer/device-name/sepolicy</code> directory and use
 <code>BOARD_SEPOLICY</code> variables to include them in your build.
-  <li>Make new domains permissive initially. In Android 4.4 and earlier, this is done
-using a permissive declaration. In later versions of Android, per-domain
-permissive mode is specified using the <code>permissive_or_unconfined()</code> macro.
+  <li>Make new domains permissive initially. This is done by
+using a permissive declaration in the domain's .te file.
   <li>Analyze results and refine your domain definitions.
   <li>Remove the permissive declaration when no further denials appear in userdebug
 builds.
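Review bot: the rewritten "Make new domains permissive initially" item names the permissive declaration but never shows it, and "This is done by using" is wordy. With the macro gone from the text, the literal syntax belongs here; suggest "Do this with a permissive declaration (<code>permissive domain_name;</code>) in the domain's .te file", matching the <code>permissive dhcp;</code> form used in the example further down.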
@@ -127,7 +126,7 @@
 
 <pre>
 type dhcp, domain;
-permissive_or_unconfined(dhcp)
+permissive dhcp;
 type dhcp_exec, exec_type, file_type;
 type dhcp_data_file, file_type, data_file_type;
 
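Review bot: in the <pre> sample, <code>permissive dhcp;</code> now sits in a policy that readers will copy as written, with nothing marking it as a development-only line. The step list in the previous hunk says to remove the permissive declaration once no further denials appear in userdebug builds; repeat that next to this example so the declaration is not carried into a shipping policy.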
@@ -162,7 +161,7 @@
 security policy (<code>domain</code>). From the previous statement examples, we know DHCP can read from and write
 to <code>/dev/null.</code></p>
 
-<p>In the second line, DHCP is identified as an experimental domain (<code>permissive_or_unconfined</code>) with only minimal rules enforced.</p>
+<p>In the second line, DHCP is identified as a permissive domain.</p>
 
 <p>In the <code>init_daemon_domain(dhcp)</code> line, the policy states DHCP is spawned from <code>init</code> and is allowed to communicate with it.</p>
 
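Review bot: the replacement sentence for "the second line" only restates the keyword. The removed text at least said what the declaration meant in practice ("only minimal rules enforced"); the new sentence should say what permissive means for the domain, namely that denials are logged but not enforced, and that it is intended for policy development.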
diff --git a/src/devices/tech/security/selinux/implement.jd b/src/devices/tech/security/selinux/implement.jd
index 655a6bc..aa89303 100644
--- a/src/devices/tech/security/selinux/implement.jd
+++ b/src/devices/tech/security/selinux/implement.jd
@@ -220,8 +220,8 @@
 These should
 be given domains EARLY in order to avoid adding rules to init or otherwise
 confusing <code>init</code> accesses with ones that are in their own policy.
-  <li>Set up <code>BOARD_CONFIG.mk</code> to use <code>BOARD_SEPOLICY_UNION</code> and <code>BOARD_SEPOLICY_DIRS</code>. See
-the README in /sepolicy for details on setting this up.
+  <li>Set up <code>BOARD_CONFIG.mk</code> to use <code>BOARD_SEPOLICY_*</code> variables. See
+the README in external/sepolicy for details on setting this up.
   <li> Examine the init.&lt;device&gt;.rc and fstab.&lt;device&gt; file and make sure every use of “mount”
 corresponds to a properly labeled filesystem or that a context= mount option is specified.
   <li> Go through each denial and create SELinux policy to properly handle each. See
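Review bot: the commit message says the removal of BOARD_SEPOLICY_UNION should be noted as something that will not be needed in a future release, but this list item only switches to the wildcard <code>BOARD_SEPOLICY_*</code> and carries no such note. The old text named <code>BOARD_SEPOLICY_UNION</code> and <code>BOARD_SEPOLICY_DIRS</code> explicitly; suggest keeping both names and adding a sentence that <code>BOARD_SEPOLICY_UNION</code> goes away in a later release, so a reader does not have to guess which variables the wildcard covers.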