Hi,

On the AOSP master branch, SELinux has been enabled in the prebuilt
emulator (goldfish) kernel, and the emulator build has been changed to
generate and use ext4 images rather than yaffs2 images, thereby removing
the need for our patches to yaffs2 for file security labeling. This
includes changes to build, system/core, kernel/goldfish, and
prebuilts/qemu-kernel. If you have previously run the emulator, you may
need to remove any existing userdata-qemu.img file in order to force it
to regenerate it from the new ext4 image.

As a result, it is no longer necessary to build and specify your own
kernel for the emulator for master, although it is still necessary to do
so for 4.2 or earlier.

There are however still a couple of changes in our kernel/goldfish tree
that are not included in the prebuilt kernel, most notably:

- Some changes to the audit code to enable syscall auditing and pathname
  collection by default (this likely should be replaced by changes to
  auditd to define an audit filter when it starts, so that we get the same
  effect without a kernel modification).
- The SELinux support for setting security contexts on individual rootfs
  inodes. This has already been submitted to AOSP for kernel/common and
  submitted for mainline Linux, so it likely will get merged sooner or later.

If you want those changes, you will still need to build your own kernel
at the moment.