diff options
| author | Jeff Vander Stoep <jeffv@google.com> | 2015-10-22 09:30:40 -0700 |
|---|---|---|
| committer | John Stultz <john.stultz@linaro.org> | 2016-02-16 13:53:56 -0800 |
| commit | 969f47d4b1986f2950ebfdba90012da60c2aab48 (patch) | |
| tree | 95d82932d39756497a2718cb60b9d619726b7634 /security/selinux/hooks.c | |
| parent | 78d36d2111cd4ca722a602846f7db8f54a0b074c (diff) | |
selinux: Android kernel compatibility with M userspace
NOT intended for new Android devices - this commit is unnecessary
for a target device that does not have a previous M variant.
DO NOT upstream. Android only.
Motivation:
This commit mitigates a mismatch between selinux kernel and
selinux userspace. The selinux ioctl white-listing binary policy
format that was accepted into Android M differs slightly from what
was later accepted into the upstream kernel. This leaves Android
master branch kernels incompatible with Android M releases. This
patch restores backwards compatibility. This is important because:
1. kernels may be updated on a different cycle than the rest of the
OS e.g. security patching.
2. Android M bringup may still be ongoing for some devices. The
same kernel should work for both M and master.
Backwards compatibility is achieved by checking for an Android M
policy characteristic during initial policy read and converting to
upstream policy format. The inverse conversion is done for policy
write as required for CTS testing.
Bug: 22846070
Change-Id: I2f1ee2eee402f37cf3c9df9f9e03c1b9ddec1929
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Diffstat (limited to 'security/selinux/hooks.c')
0 files changed, 0 insertions, 0 deletions