While working on policies for the Aries device, I noticed that some of my changes were already present in the upstream repo . It also seems to be the case that Sony added some domains for daemons that are currently missing domains as well as some file labeling. To avoid conflicting changes between our own fork and upstream which would essentially have the same result, I think it is reasonable to cherry-pick the SELinux changes from upstream.  https://github.com/sonyxperiadev/device-sony-shinano/tree/l-mr1/sepolicy
Created attachment 8684577 [details] [review] PR device-sony-shinano - update device/sony/shinano/sepolicy tree Cherry-picked commits from upstream, :gerard-majax can you please give it a look? I successfully compiled the changes for my Aries device, and everything works as expected.
Attachment #8684577 - Flags: review?(lissyx+mozillians)
There seems to be one more open pull request which fixes another SELinux issue, it may be smarter to wait with the cherry-picks, :kang what do you think?
Comment on attachment 8684577 [details] [review] PR device-sony-shinano - update device/sony/shinano/sepolicy tree LGTM, nice to see us cherry-picking Sony and Genymobile fixes :)
Attachment #8684577 - Flags: review?(lissyx+mozillians) → review+
hard to say when they take PRs or not. If the PR look sane, might even just take it preemptively. Otherwise, I'd just cherry-pick to get things going. Not really my call though - I know SELinux but I don't know the status of the Android merges on either side (ours and theirs). If we need to move quickly, cherry-pick seems like a good idea anyway (there will always be new PRs I'm sure ;)
Great thank you. I guess we can then re-open this bug in case we need to cherry-pick more commits.
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → FxOS-S11 (13Nov)
You need to log in before you can comment on or make changes to this bug.