commit 96a0742dce8311e46583746a3dfbb062c2d95d99
author William Loh <wloh@google.com> Fri Apr 26 16:57:39 2024 +0000
committer Gerrit Code Review <noreply-gerritcodereview@google.com> Fri Apr 26 16:57:39 2024 +0000
tree 059300a51dd24f7e80936059473533a365240398
parent 1c9073773233fe598a89250e32d6ed3d1abd8d8c
parent 38b57bcc47ab38df3902fdb7cc03efa2c921bae3

Merge "Add policy for /data/app-metadata" into main

public/file.te

diff --git a/public/file.te b/public/file.te
index 5c64dc0..e4c01a2 100644
--- a/public/file.te
+++ b/public/file.te
@@ -22,8 +22,11 @@
 type proc_kpageflags, fs_type, proc_type;
 type proc_watermark_boost_factor, fs_type, proc_type;
 type proc_percpu_pagelist_high_fraction, fs_type, proc_type;
-# TODO(b/330670954): guard this once all internal references are removed.
-type proc_compaction_proactiveness, fs_type, proc_type;
+
+starting_at_board_api(202504, `
+    type proc_compaction_proactiveness, fs_type, proc_type;
+')
+
 # proc, sysfs, or other nodes that permit configuration of kernel usermodehelpers.
 type usermodehelper, fs_type, proc_type;
 type sysfs_usermodehelper, fs_type, sysfs_type;

tests/sepolicy_freeze_test.py

diff --git a/tests/sepolicy_freeze_test.py b/tests/sepolicy_freeze_test.py
index b9b935c..fa05eb1 100644
--- a/tests/sepolicy_freeze_test.py
+++ b/tests/sepolicy_freeze_test.py
@@ -48,10 +48,6 @@
     removed_attributes = prebuilt_policy.typeattributes - current_policy.typeattributes
     added_attributes = current_policy.typeattributes - prebuilt_policy.typeattributes
 
-    # TODO(b/330670954): remove this once all internal references are removed.
-    if "proc_compaction_proactiveness" in added_types:
-        added_types.remove("proc_compaction_proactiveness")
-
     if removed_types:
         results += "The following public types were removed:\n" + ", ".join(removed_types) + "\n"
 

tools/sepolicy-analyze/neverallow.c

diff --git a/tools/sepolicy-analyze/neverallow.c b/tools/sepolicy-analyze/neverallow.c
index a55a921..745ab13 100644
--- a/tools/sepolicy-analyze/neverallow.c
+++ b/tools/sepolicy-analyze/neverallow.c
@@ -382,21 +382,25 @@
     char *p, *start;
     int result;
 
+    int non_comment_len = 0, cur_non_comment_len = 0;
+    char *cur_non_comment_text = calloc(1, (end - text) + 1);
+    char *non_comment_text = cur_non_comment_text;
+    if (!cur_non_comment_text)
+        goto err;
     p = text;
+    bool in_comment = false;
     while (p < end) {
-        while (p < end && isspace(*p))
-            p++;
-
-        if (*p == '#') {
-            while (p < end && *p != '\n')
-                p++;
-            continue;
-        }
-
+        if (*p == '#') in_comment = true;
+        if (!in_comment || *p == '\n') *cur_non_comment_text++ = *p;
+        if (*p == '\n') in_comment = false;
+        ++p;
+    }
+    p = non_comment_text;
+    end = cur_non_comment_text;
+    while (p < end) {
+        while (p < end && isspace(*p)) p++;
         start = p;
-        while (p < end && !isspace(*p))
-            p++;
-
+        while (p < end && !isspace(*p)) p++;
         len = p - start;
         if (len != keyword_size || strncmp(start, keyword, keyword_size))
             continue;
@@ -437,8 +441,10 @@
 
     result = check_assertions(NULL, policydb, neverallows);
     avrule_list_destroy(neverallows);
+    free(non_comment_text);
     return result;
 err:
+    free(non_comment_text);
     if (errno == ENOMEM) {
         fprintf(stderr, "Out of memory while parsing neverallow rules\n");
     } else