Google Git
Sign in
android / platform / external / selinux / 88e334f1923396d5ace56b8439c731dcde0d1f3b
commit88e334f1923396d5ace56b8439c731dcde0d1f3b[log] [tgz]
authorGary Tierney <[email protected]>Thu Oct 06 12:09:41 2016 +0100
committerStephen Smalley <[email protected]>Thu Oct 06 09:39:04 2016 -0400
treec73013df9fb53a334de58beff032b14eaa792469
parent82f994550f955ceb8cb86f1b9fc8602695b6e694 [diff]
genhomedircon: use userprefix as the role for homedir content

Treat a users prefix like a mapping to the role for file context
specifications in users homedirs.  This behavior is only applicable when
the users prefix is the identifier of a role which is valid for the
given user.  If the prefix is not a valid role, then genhomedircon will
write contexts out as normal.

Additionally, this commit enables configuring RBACSEP in policy:

(tunableif enable_rbacsep
    (true
        (userprefix user_u user_r)
    (false
        (userprefix user_u object_r))))

Signed-off-by: Gary Tierney <[email protected]>
1 file changed
tree: c73013df9fb53a334de58beff032b14eaa792469
  1. checkpolicy/
  2. libselinux/
  3. libsemanage/
  4. libsepol/
  5. policycoreutils/
  6. scripts/
  7. secilc/
  8. sepolgen/
  9. .gitignore
  10. CleanSpec.mk
  11. Makefile
  12. README