am e9cf5428: Merge "Clarify SELinux CDD requirements."
* commit 'e9cf5428b7ac0fa3570b115b2db1984f858cd8d8':
Clarify SELinux CDD requirements.
diff --git a/src/compatibility/5.0/android-5.0-cdd.html b/src/compatibility/5.0/android-5.0-cdd.html
index 6334c85..1abf06b 100644
--- a/src/compatibility/5.0/android-5.0-cdd.html
+++ b/src/compatibility/5.0/android-5.0-cdd.html
@@ -5169,9 +5169,9 @@
<h2 id=9_7_kernel_security_features>9.7. Kernel Security Features</h2>
-<p>The Android Sandbox includes features that can use the Security-Enhanced Linux
+<p>The Android Sandbox includes features that use the Security-Enhanced Linux
(SELinux) mandatory access control (MAC) system and other security features in
-the Linux kernel. SELinux or any other security features, if implemented below
+the Linux kernel. SELinux or any other security features implemented below
the Android framework:</p>
<ul>
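Review bot: dropping "can" and "if" in the sentence "SELinux or any other security features implemented below the Android framework:" turns a conditional capability into an unconditional statement, which matches the later hunk making SELinux a MUST, but the introduced list is cut off at `<ul>` here; please confirm the remaining list items still read as a complete sentence once the "if implemented" qualifier is gone.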
@@ -5186,30 +5186,26 @@
affect another application (such as a Device Administration API), the API MUST
NOT allow configurations that break compatibility. </p>
-<p>Devices MUST implement SELinux or an equivalent mandatory access control system
-if using a kernel other than Linux and meet the following requirements, which
+<p>Devices MUST implement SELinux or, if using a kernel other than Linux, an equivalent mandatory access control system.
+Devices must also meet the following requirements, which
are satisfied by the reference implementation in the upstream Android Open
Source Project.</p>
<p>Device implementations:</p>
<ul>
- <li> MUST support a SELinux policy that allows the SELinux mode to be set on a
-per-domain basis, and MUST configure all domains in enforcing mode. No
+ <li> MUST set SELinux to global enforcing mode,
+ <li> MUST configure all domains in enforcing mode. No
permissive mode domains are allowed, including domains specific to a
-device/vendor
- <li> SHOULD load policy from /sepolicy file on the device
+device/vendor.
<li> MUST NOT modify, omit, or replace the neverallow rules present within the
-sepolicy file provided in the upstream Android Open Source Project (AOSP) and
-the policy MUST compile with all neverallow present, for both AOSP SELinux
-domains as well as device/vendor specific domains
- <li> MUST support dynamic updates of the SELinux policy file without requiring a
-system image update
+external/sepolicy folder provided in the upstream Android Open Source Project (AOSP) and
+the policy MUST compile with all neverallow rules present, for both AOSP SELinux
+domains as well as device/vendor specific domains.
</ul>
-<p>Device implementations SHOULD retain the default SELinux policy provided in the
-upstream Android Open Source Project, until they have first audited their
-additions to the SELinux policy. Device implementations MUST be compatible with
+<p>Device implementations SHOULD retain the default SELinux policy provided in the external/sepolicy folder of the
+upstream Android Open Source Project and only further add to this policy for their own device-specific configuration. Device implementations MUST be compatible with
the upstream Android Open Source Project.</p>
<h2 id=9_8_privacy>9.8. Privacy</h2>
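Review bot: this hunk removes two requirements outright, "SHOULD load policy from /sepolicy file on the device" and "MUST support dynamic updates of the SELinux policy file without requiring a system image update", which is a change in what devices must do, not a clarification as the commit title states; the commit message should call out that the dynamic-update MUST is being withdrawn so the change is reviewable on its merits. Two smaller points in the same hunk: "Devices must also meet the following requirements" uses lowercase "must" where the rest of this section uses the RFC 2119-style "MUST", and the new item "MUST set SELinux to global enforcing mode," ends in a comma while the neighbouring items end in a period; use "MUST" and a terminating period for consistency.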