<snip>

>> libselinux only "sorts" in the sense of giving precedence to exact (no
>> regex characters) entries.  The sorting described in the page you
>> referenced is done by libsemanage or by the fc_sort helper program
>> used in the refpolicy build and is not part of Android at all.  That
>> sorting was introduced to help with ambiguities that occur when
>> file_contexts was split into per-module .fc files.  
>That's essentially the problem we have in our build. Each module is added 
>during the build via sepolicy dirs variable. Perhaps then we should look at 
>adding fc_sort during build? 
>> Android however
>> only has a single monolithic file_contexts file, and even with the
>> device-specific file_contexts, the assumption is that those entries
>> should always take precedence over the generic ones (as long as they
>> are not identical and conflict).  So order does matter.  Last matching
>> entry wins.

Does anyone object to adding something like sort_fc to the build to alleviate 
this ordering issue?

Now that we switch to checking the fc files with checkfc, I'm not aware of any 
other CTS issues.

BTW in the CTS test, why didn't we just modify checkfc to return status codes 
for equal, subset, superset? We have all this "complicated"
stdio checking for exact matching.

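The ordering rule in the quoted text (exact entries take precedence, otherwise the last matching entry wins) can be modelled in a few lines to show why concatenation order of per-directory file_contexts fragments changes labels. This is an added example, not code from the thread or from libselinux; it is a simplified model of the rule as described above, and the paths and labels are constructed.

```python
import re

META = set(".^$?*+|[](){}\\")  # characters that make an entry a regex

def parse(text):
    """Parse file_contexts-style lines into (pattern, context), in file order."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        entries.append((fields[0], fields[-1]))  # ignore optional file-type field
    return entries

def lookup(entries, path):
    """Exact (no regex chars) entries take precedence; else last match wins."""
    exact = [ctx for pat, ctx in entries if not (set(pat) & META) and pat == path]
    if exact:
        return exact[-1]
    for pat, ctx in reversed(entries):
        if re.fullmatch(pat, path):
            return ctx
    return None

# Constructed sample fragments: a generic file and a device-specific one.
GENERIC = """
/dev/null             u:object_r:null_device:s0
/dev(/.*)?            u:object_r:device:s0
/data(/.*)?           u:object_r:system_data_file:s0
"""
DEVICE = """
/data/radio_x(/.*)?   u:object_r:radio_x_data_file:s0
"""

def label(fragments, path):
    """Concatenate fragments in the given order and look up one path."""
    return lookup(parse("\n".join(fragments)), path)

if __name__ == "__main__":
    for order in ([GENERIC, DEVICE], [DEVICE, GENERIC]):
        print(label(order, "/data/radio_x/log"), label(order, "/dev/null"))
```

With the device fragment appended last, the device-specific entry wins; with the order reversed, the broader generic regex silently overrides it, while the exact `/dev/null` entry is unaffected by ordering.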