blob: df8a60fe0a04afa10738175020ce685698145baa [file] [log] [blame]
This fork of Android differs in the following ways:
- All and Android.bp files
- libselinux/include/selinux/android.h
- libselinux/src/android/android.c
All other changes should be upstreamed to selinux as
Android no longer carries changes outside of those files.
The upstream project can be found at:
Thus, since all changes are in separate files, updates merged from
upstream should occur with no merge conflicts.
This fork differs from upstream libselinux in at least the following ways:
* The Android fork omits compiling many of the src files and specifies
custom build configurations. The exact details, are encoded in the
Android.bp and files.
* The SELinux policy files are all located in / rather than under
/etc/selinux since /etc is not available in Android until /system
is mounted and use fixed paths, not dependent on /etc/selinux/config.
* The kernel policy file (sepolicy in Android, policy.N in Linux) does
not include a version suffix since Android does not need to support
booting multiple kernels.
* The policy loading logic does not support automatic downgrading of
the kernel policy file to a version known to the kernel, since this
requires libsepol on the device and is only needed to support mixing
and matching kernels and userspace easily.
* restorecon functionality, including recursive restorecon, has been
been upstreamed as selinux_restorecon(), but there are residual
differences between it and selinux_android_restorecon().
* Support for seapp_contexts, a new Android-specific SELinux
configuration file has been added within android.c.