Skip to content
Snippets Groups Projects
Commit b8787693 authored by Jeff Vander Stoep's avatar Jeff Vander Stoep
Browse files

Retain neverallow rules in CIL files 

Fixes issue where attributes used exlusively in neverallow
rules were removed from policy.

For on-device compile use the -N flag to skip neverallow tests.

Policy size increases:
vendor/etc/selinux/nonplat_sepolicy.cil 547849 -> 635637
vendor/etc/selinux/precompiled_sepolicy 440248 -> 441076
system/etc/selinux/plat_sepolicy.cil    567664 -> 745230

For a total increase in system/vendor: 266182.

Boot time changes:
Pixel uses precompiled policy so boot time is not impacted.
When forcing on-device compile on Marlin selinux policy compile
time increases 510-520 ms -> 550-560 ms.

Bug: 37357742
Test: Build and boot Marlin.
Test: Verify both precompiled and on-device compile work.
Change-Id: Ib3cb53d376a96e34f55ac27d651a6ce2fabf6ba7
parent 393c8e94
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 19 additions and 43 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment