Merge "Docs: Update docs for default-methods and dex version 037" into nyc-dev
diff --git a/src/compatibility/android-cdd.html b/src/compatibility/android-cdd.html
index 8852a4e..63db045 100644
--- a/src/compatibility/android-cdd.html
+++ b/src/compatibility/android-cdd.html
@@ -5271,13 +5271,13 @@
<li>MUST configure all domains in enforcing mode. No permissive mode domains
are allowed, including domains specific to a device/vendor.</li>
<li>MUST NOT modify, omit, or replace the neverallow rules present within the
- external/sepolicy folder provided in the upstream Android Open Source Project
+ system/sepolicy folder provided in the upstream Android Open Source Project
(AOSP) and the policy MUST compile with all neverallow rules present, for both
AOSP SELinux domains as well as device/vendor specific domains.</li>
</ul>
<p>Device implementations SHOULD retain the default SELinux policy provided in
-the external/sepolicy folder of the upstream Android Open Source Project and
+the system/sepolicy folder of the upstream Android Open Source Project and
only further add to this policy for their own device-specific configuration.
Device implementations MUST be compatible with the upstream Android Open Source
Project.</p>
diff --git a/src/security/selinux/concepts.jd b/src/security/selinux/concepts.jd
index 1958474..0ea2ed4 100644
--- a/src/security/selinux/concepts.jd
+++ b/src/security/selinux/concepts.jd
@@ -122,7 +122,7 @@
<p>This says that all application domains are allowed to read and write files labeled
app_data_file. Note that this rule relies upon macros defined in the
global_macros file, and other helpful macros can also be found in the te_macros
-file, both of which can be found in the <a href="https://android.googlesource.com/platform/external/sepolicy/">external/sepolicy</a> directory in the AOSP source tree. Macros are provided for common groupings of classes, permissions and
+file, both of which can be found in the <a href="https://android.googlesource.com/platform/system/sepolicy/">system/sepolicy</a> directory in the AOSP source tree. Macros are provided for common groupings of classes, permissions and
rules, and should be used whenever possible to help reduce the likelihood of
failures due to denials on related permissions.</p>
diff --git a/src/security/selinux/implement.jd b/src/security/selinux/implement.jd
index 0655e1d..f5f605b 100644
--- a/src/security/selinux/implement.jd
+++ b/src/security/selinux/implement.jd
@@ -62,15 +62,15 @@
<h2 id=key_files>Key files</h2>
<p>SELinux for Android is accompanied by everything you need to enable SELinux
-now. You merely need to integrate the <a href="https://android.googlesource.com/kernel/common/">latest Android kernel</a> and then incorporate the files found in the <a href="https://android.googlesource.com/platform/external/sepolicy/">external/sepolicy</a> directory:</p>
+now. You merely need to integrate the <a href="https://android.googlesource.com/kernel/common/">latest Android kernel</a> and then incorporate the files found in the <a href="https://android.googlesource.com/platform/system/sepolicy/">system/sepolicy</a> directory:</p>
<p><a href="https://android.googlesource.com/kernel/common/">https://android.googlesource.com/kernel/common/ </a></p>
-<p><a href="https://android.googlesource.com/platform/external/sepolicy/">https://android.googlesource.com/platform/external/sepolicy/</a></p>
+<p><a href="https://android.googlesource.com/platform/system/sepolicy/">https://android.googlesource.com/platform/system/sepolicy/</a></p>
<p>Those files when compiled comprise the SELinux kernel security policy and cover
the upstream Android operating system. You should not need to modify the
-external/sepolicy files directly. Instead, add your own device-specific policy
+system/sepolicy files directly. Instead, add your own device-specific policy
files within the /device/manufacturer/device-name/sepolicy directory.</p>
<p>Here are the files you must create or edit in order to implement SELinux:</p>
@@ -128,7 +128,7 @@
<p>Then just update your BoardConfig.mk makefile - located in the directory
containing the sepolicy subdirectory - to reference the sepolicy subdirectory
and each policy file once created, as shown below. The BOARD_SEPOLICY variables
-and their meaning is documented in the external/sepolicy/README file.</p>
+and their meaning is documented in the system/sepolicy/README file.</p>
<pre>
BOARD_SEPOLICY_DIRS += \
@@ -226,7 +226,7 @@
be given domains EARLY in order to avoid adding rules to init or otherwise
confusing <code>init</code> accesses with ones that are in their own policy.
<li>Set up <code>BOARD_CONFIG.mk</code> to use <code>BOARD_SEPOLICY_*</code> variables. See
-the README in external/sepolicy for details on setting this up.
+the README in system/sepolicy for details on setting this up.
<li> Examine the init.<device>.rc and fstab.<device> file and make sure every use of “mount”
corresponds to a properly labeled filesystem or that a context= mount option is specified.
<li> Go through each denial and create SELinux policy to properly handle each. See
diff --git a/src/security/selinux/validate.jd b/src/security/selinux/validate.jd
index 34199f5..339628d 100644
--- a/src/security/selinux/validate.jd
+++ b/src/security/selinux/validate.jd
@@ -34,7 +34,7 @@
<p>This will print the global SELinux mode: either Disabled, Enforcing, or
Permissive. Please note, this command shows only the global SELinux mode. To
determine the SELinux mode for each domain, you must examine the corresponding
-files or run the latest version of <code>sepolicy-analyze</code> with the appropriate (-p) flag, present in /platform/external/sepolicy/tools/.</p>
+files or run the latest version of <code>sepolicy-analyze</code> with the appropriate (-p) flag, present in /platform/system/sepolicy/tools/.</p>
<h2 id=reading_denials>Reading denials</h2>