From: Stephen Smalley <sds@tycho.nsa.gov>
To: William Roberts <bill.c.roberts@gmail.com>
Cc: selinux@tycho.nsa.gov
Subject: Re: Tuna policy files
Date: Fri, 18 May 2012 08:54:04 -0400 [thread overview]
Message-ID: <1337345644.24439.26.camel@moss-pluto> (raw)
In-Reply-To: <1337185286.10285.94.camel@moss-pluto>
On Wed, 2012-05-16 at 12:21 -0400, Stephen Smalley wrote:
> On Tue, 2012-05-15 at 09:48 -0700, William Roberts wrote:
> > Should the files in device/samsung/tuna be in maguro and toro
> > directories? I ask this because when I build maguro, I am still not
> > seeing factory getting labeled correctly.
> >
> >
> > In externale/sepolicy we have the below line...
> > LOCAL_POLICY_DIRS := $(SRC_TARGET_DIR)/board/$(TARGET_DEVICE)/
> > device/*/$(TARGET_DEVICE)/ vendor/*/$(TARGET_DEVICE)/
> >
> >
> > Tuna is never really built, maguro and toro inherit their product
> > makefiles from tuna, so I think we need to move these files and update
> > the external/sepolicy so thier is no conflict on labeling factory.
> >
> >
> > Can someone confirm my sanity?
>
> I think you are correct. We wouldn't have caught it because we don't
> have Galaxy Nexus ourselves on which to test. So our changes to
> BoardConfig.mk, device.mk, and init.tuna.rc are correctly under
> device/samsung/tuna, but the sepolicy.* files need to be copied to both
> device/samsung/maguro and device/samsung/toro? Or possibly we could
> create sepolicy.te files that merely include the tuna/ ones, e.g.
> $ cat sepolicy.te
> include(`device/samsung/tuna/sepolicy.te')
>
> To support that for .fc files, we'd need to apply m4 there as well in
> the sepolicy Android.mk file.
(cc selinux list)
I have set up git projects for toro and maguro on selinuxproject.org,
updated the local_manifest.xml files (for master and 4.0.4) to include
these projects, added trivial sepolicy.{te,fc} files that include the
tuna files, and modified the sepolicy Android.mk file to apply m4 for
the .fc files in addition to .te files so that they can use includes.
To update, you'll want to grab the updated local_manifest.xml file and
run repo sync -j1 again. If you have locally created the
sepolicy.{te,fc} files, you may need to move them aside.
--
Stephen Smalley
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next parent reply other threads:[~2012-05-18 12:54 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CAFftDdp=i5a0s=MERWsHjJb3soMEU8s_nKDpT=OHJXu12iBZjw@mail.gmail.com>
[not found] ` <1337185286.10285.94.camel@moss-pluto>
2012-05-18 12:54 ` Stephen Smalley [this message]
2012-05-19 5:08 ` Tuna policy files Bryan Hinton
2012-05-21 14:20 ` Stephen Smalley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1337345644.24439.26.camel@moss-pluto \
--to=sds@tycho.nsa.gov \
--cc=bill.c.roberts@gmail.com \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.