mirror of
https://github.com/topjohnwu/selinux.git
synced 2024-12-11 13:26:01 +00:00
8afa5467e2
Android is now rectified with upstream libselinux with the exception of the src/android.c and include/selinux/android.h files. Since the changes now reside in separate files, no conflict will occur when merging updates from upstream. Any changes to other files should go upstream. Bug: 31910164 Test: Builds Change-Id: I4c3c3d1a89a69f2796ec07ccccaf1aaa99457377 Signed-off-by: William Roberts <william.c.roberts@intel.com>
42 lines
1.7 KiB
Plaintext
42 lines
1.7 KiB
Plaintext
This fork of Android differs in the following ways:
|
|
- README.android
|
|
- All Android.mk and Android.bp files
|
|
- ALL MODULE_LICENSE_* files
|
|
- libselinux/include/selinux/android.h
|
|
- libselinux/src/android/android.c
|
|
|
|
All other changes should be upstreamed to selinux as
|
|
Android no longer carries changes outside of those files.
|
|
|
|
The upstream project can be found at:
|
|
https://github.com/SELinuxProject/selinux
|
|
|
|
Thus, since all changes are in separate files, updates merged from
|
|
upstream should occur with no merge conflicts.
|
|
|
|
This fork differs from upstream libselinux in at least the following ways:
|
|
|
|
* The Android fork omits compiling many of the src files and specifies
|
|
custom build configurations. The exact details, are encoded in the
|
|
Android.bp and Android.mk files.
|
|
|
|
* The SELinux policy files are all located in / rather than under
|
|
/etc/selinux since /etc is not available in Android until /system
|
|
is mounted and use fixed paths, not dependent on /etc/selinux/config.
|
|
|
|
* The kernel policy file (sepolicy in Android, policy.N in Linux) does
|
|
not include a version suffix since Android does not need to support
|
|
booting multiple kernels.
|
|
|
|
* The policy loading logic does not support automatic downgrading of
|
|
the kernel policy file to a version known to the kernel, since this
|
|
requires libsepol on the device and is only needed to support mixing
|
|
and matching kernels and userspace easily.
|
|
|
|
* restorecon functionality, including recursive restorecon, has been
|
|
been upstreamed as selinux_restorecon(), but there are residual
|
|
differences between it and selinux_android_restorecon().
|
|
|
|
* Support for seapp_contexts, a new Android-specific SELinux
|
|
configuration file has been added within android.c.
|