Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / docs / source.android.com / e40b49c6d398a1f099c47787bd682db7cf551d99^! / .
commite40b49c6d398a1f099c47787bd682db7cf551d99[log] [tgz]
authorClay Murphy <claym@google.com>Mon Jun 29 16:08:17 2015 -0700
committerClay Murphy <claym@google.com>Mon Jun 29 16:08:17 2015 -0700
treeb26718ae2e367f3acb33ba7a537d8fc1228b1739
parentdf61218b290c2d0018a77e033c5352250f3a85a7 [diff]
Docs: Adding neverallow to home page, compatibility link to customize

Bug: 21467635
Change-Id: I6977263a3525b3420ca0c81d6ba796d04ad860ce

diff --git a/src/devices/tech/security/selinux/customize.jd b/src/devices/tech/security/selinux/customize.jd
index a667168..a84d60f 100644
--- a/src/devices/tech/security/selinux/customize.jd
+++ b/src/devices/tech/security/selinux/customize.jd

@@ -275,8 +275,8 @@
 <h2 id=neverallow>neverallow rules</h2>
 
 <p>SELinux <code>neverallow</code> rules prohibit behavior that should never occur.
-With compatibility testing, SELinux <code>neverallow</code> rules are now
-enforced across partner devices.</p>
+With <a href="{@docRoot}compatibility/index.html">compatibility</a> testing,
+SELinux <code>neverallow</code> rules are now enforced across partner devices.</p>
 
 <p>The following guidelines are intended to help manufacturers avoid errors
 related to <code>neverallow</code> rules during customization. The rule numbers
@@ -295,5 +295,6 @@
 This rule is intended to prevent the execution of arbitrary code on the system.
 Specifically, it asserts that only code on <code>/system</code> gets executed,
 which allows security guarantees thanks to mechanisms such as verified boot.
-Often, the best solution when encountering a problem with this neverallow rule
-is to move the offending code to the <code>/system</code> partition.</p>
+Often, the best solution when encountering a problem with this
+<code>neverallow</code> rule is to move the offending code to the
+<code>/system</code> partition.</p>

diff --git a/src/index.jd b/src/index.jd
index 4347ada..3ef5f67 100644
--- a/src/index.jd
+++ b/src/index.jd

@@ -42,8 +42,14 @@
   <div class="landing-docs">
     <div class="col-8">
     <h3>What's New</h3>
+<a href="{@docRoot}devices/tech/security/selinux/customize.html">
+        <h4>SELinux neverallow Rules</h4></a>
+        <p>New guidance has been offered on the use of Security-Enhanced Linux (SELinux) <strong><a
+        href="{@docRoot}devices/tech/security/selinux/customize.html#neverallow"><code>neverallow</code>
+        rules</a></strong>, which prohibit behavior that should never occur.</p>
+
 <a href="{@docRoot}source/build-numbers.html">
-        <h4>New Build Numbers</h4></a>
+        <h4>Build Numbers for Nexus 6 and 7</h4></a>
         <p>Build numbers <strong><a
         href="{@docRoot}source/build-numbers.html#source-code-tags-and-builds">LYZ28E and
         LMY48G</a></strong> have been added for Nexus 6 (T-Mobile ONLY) and Nexus 7 (flo),