Closed
Bug 1180216
Opened 9 years ago
Closed 9 years ago
Create Selinux policy for flame-l
Categories
(Firefox OS Graveyard :: General, defect)
Tracking
(b2g-master fixed)
RESOLVED
FIXED
FxOS-S5 (21Aug)
Tracking | Status | |
---|---|---|
b2g-master | --- | fixed |
People
(Reporter: seinlin, Assigned: tedd)
References
Details
Attachments
(3 files)
+++ This bug was initially created as a clone of Bug #1136032 +++ I think it could be better to handle flame-l in a different bug for tracking purpose.
Assignee | ||
Updated•9 years ago
|
Assignee: nobody → julian.r.hector
Assignee | ||
Comment 1•9 years ago
|
||
Ok, since I am already taking care of the nexus 5 rules I will also work on this.
Assignee | ||
Comment 2•9 years ago
|
||
In response to Bug 1136032 Comment 52: I would think that having to maintain a branch is easier than to keep track of what domain needs a dummy definition. I also think that having a fork of the original repository makes it easier to update to a newer version of the policies in case things change. But at the same time, I can also see the benefit of moving the device specific policies into a single place instead of having them spread across the file system. Both methods probably have their benefits, but you are more experienced with the maintenance and all, so if you think it is better to move them over I will do that.
Flags: needinfo?(seinlin.maung+bugs)
Reporter | ||
Comment 3•9 years ago
|
||
What I concern about is if we have all selinux policies in each device specific repo, when we want to update b2g common policies we need to update all device specific repos. If we have b2g common policies in the same place, we can update them at once. So that's why I think having b2g common policies and device specific things separately could be better.
Flags: needinfo?(seinlin.maung+bugs)
Assignee | ||
Comment 4•9 years ago
|
||
(In reply to Kai-Zhen Li [:kli][:seinlin] from comment #3) > What I concern about is if we have all selinux policies in each device > specific repo, when we want to update b2g common policies we need to update > all device specific repos. > > If we have b2g common policies in the same place, we can update them at once. > > So that's why I think having b2g common policies and device specific things > separately could be better. Ok, good points, let's go with your approach. I will make the modifications and create pull requests.
Assignee | ||
Comment 5•9 years ago
|
||
So I encountered the problem I described in Bug 1136032 Comment 67, flame-l uses a later version of platform/external/sepolicy, which defines a domain that isn't defined in the branched that is used by nexus-5. But the qcom policy files used in the Flame, define allow rules for that domain, but since it is not defined it can't successfully build the policy. What do you think?
Flags: needinfo?(seinlin.maung+bugs)
Reporter | ||
Comment 6•9 years ago
|
||
Flame-l is based on 5.0; Nexus-l is based on 5.1. We can expect there is some difference. Basically, we have this rule for all repos forked from aosp, aosp branch + b2g change -> b2g branch. But flame-l use a tag instead of aosp branch. I think we can follow how "frameworks/av" does and have a branch LA.BF.1.1.2_rb1.12 for platform/external/sepolicy too.
Flags: needinfo?(seinlin.maung+bugs)
Assignee | ||
Comment 7•9 years ago
|
||
(In reply to Kai-Zhen Li [:kli][:seinlin] from comment #6) > But flame-l use a tag instead of aosp branch. I think we can follow how > "frameworks/av" does and have a branch LA.BF.1.1.2_rb1.12 for > platform/external/sepolicy too. Sounds good, once we have the branch I can make the PR's.
Reporter | ||
Comment 8•9 years ago
|
||
The branched is created. https://github.com/mozilla-b2g/platform_external_sepolicy/tree/LA.BF.1.1.2_rb1.12
Assignee | ||
Comment 9•9 years ago
|
||
Attachment #8635077 -
Flags: review?(gdestuynder)
Assignee | ||
Comment 10•9 years ago
|
||
Attachment #8635078 -
Flags: review?(seinlin.maung+bugs)
Attachment #8635078 -
Flags: review?(gdestuynder)
Assignee | ||
Comment 11•9 years ago
|
||
Attachment #8635079 -
Flags: review?(seinlin.maung+bugs)
Reporter | ||
Comment 12•9 years ago
|
||
Comment on attachment 8635079 [details] [review] Part 3: Bug 1180216 - Use forked external/sepolicy, remove qcom sepolicy r=seinlin Looks good to me.
Attachment #8635079 -
Flags: review?(seinlin.maung+bugs) → review+
Attachment #8635077 -
Flags: review?(gdestuynder) → review+
Attachment #8635078 -
Flags: review?(gdestuynder) → review+
Reporter | ||
Updated•9 years ago
|
Attachment #8635078 -
Flags: review?(seinlin.maung+bugs) → review+
Reporter | ||
Comment 13•9 years ago
|
||
Dependent bug 1136032 need to be landed before this bug. Once the patches are ready for landing, please add checkin-needed keyword in corresponding bug.
Assignee | ||
Comment 14•9 years ago
|
||
Ok, Bug 1136032 has landed, I think we can merge these patches now as well.
Keywords: checkin-needed
Assignee | ||
Comment 15•9 years ago
|
||
Rather not now, I will be out of the office the next two days.
Keywords: checkin-needed
Comment 17•9 years ago
|
||
LA.BF.1.1.2_rb1.12: https://github.com/mozilla-b2g/platform_external_sepolicy/commit/a3e56c260c4dd75d6b090675bb400723a92c1e3f lollipop: https://github.com/mozilla-b2g/device-flame/commit/6c0fefd2f478a6d528ae6581da5b52bfc48dca1e Master: https://github.com/mozilla-b2g/b2g-manifest/commit/43bd24f38678a6064977b0b8dd30ba43c7c16a42
Status: NEW → RESOLVED
Closed: 9 years ago
status-b2g-master:
--- → fixed
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → FxOS-S5 (21Aug)
You need to log in
before you can comment on or make changes to this bug.
Description
•