)]}'
{
  "commit": "e60b080dda138e1dd02d99fb34641ac22e46c85d",
  "tree": "73321fe3c95d3323ca1962b7ab64681aefc29dff",
  "parents": [
    "5ce7022394055e183c12368778d361461fe90a6e"
  ],
  "author": {
    "name": "Pete Bentley",
    "email": "prb@google.com",
    "time": "Thu Sep 12 15:43:12 2019 +0100"
  },
  "committer": {
    "name": "CQ bot account: commit-bot@chromium.org",
    "email": "commit-bot@chromium.org",
    "time": "Thu Sep 12 15:45:49 2019 +0000"
  },
  "message": "Only write self test flag files if an environment variable is set.\n\nPrevents arbitrary processes linked against libcrypto, which run\nbefore the self test binaries, from triggering SELinux audit logs.\n\nFails safe. I.e. default is not to write a flag file which in turn\nwill mean all processes loading libcrypto run a full set of KAT tests\nuntil the variable is set.\n\nAlternative considered:  Use a weak gloabl symbol containing the flag\n(defaulting to \"don\u0027t write\") and override in the self test binaries.\nHowever at the very least this would need to be in a separate object\nfile other than bcm.o to prevent local symbol resolution, so unsure\nif that would be acceptable.\n\nChange-Id: I32b20699bdd7ecaff06fc5f79b213d9a9d5f6253\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/37404\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\nCommit-Queue: Adam Langley \u003cagl@google.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "3d47e69ee98d92c6bfe7e00f6da18e8807a83943",
      "old_mode": 33188,
      "old_path": "crypto/fipsmodule/self_check/self_check.c",
      "new_id": "71d1c18dd771ca502d42ebc38564825b0a5bc0cb",
      "new_mode": 33188,
      "new_path": "crypto/fipsmodule/self_check/self_check.c"
    }
  ]
}