authorTri Vo2018-04-10 22:49:45 -0500
committerTri Vo2018-04-17 16:04:15 -0500
commit8c1a1b24725e49f0dce8ad371c7076b2ebfdde06 (patch)
treeb1854a6427364c0bcac9083695373fe8a20c3427 /public
parent53cabd6c352dd37608be0e8bebfabf5b1edcd31b (diff)
Sepolicy for rw mount point for vendors.
Bug: 64905218 Test: device boots with /mnt/vendor present and selinux label mnt_vendor_file applied correctly. Change-Id: Ib34e2859948019d237cf2fe8f71845ef2533ae27 Merged-In: Ib34e2859948019d237cf2fe8f71845ef2533ae27 (cherry picked from commit 210a805b46782a2a49bf5338732cf8c6abaf95de)
Diffstat (limited to 'public')
-rw-r--r--public/domain.te6
-rw-r--r--public/file.te3
2 files changed, 9 insertions, 0 deletions
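--- a/public/domain.te
+++ b/public/domain.te
@@ -1363,3 +1363,9 @@ userdebug_or_eng(`
  dontaudit domain proc_type:file create;
  dontaudit domain sysfs_type:file create;
 ')
+
+# Platform must not have access to /mnt/vendor.
+neverallow {
+ coredomain
+ -init
+} mnt_vendor_file:dir *;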
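Review bot: The neverallow ends in `mnt_vendor_file:dir *`, so it asserts only on the dir class, while the comment above it claims the platform has no access to /mnt/vendor at all. Any file, symlink or socket that ends up labelled mnt_vendor_file would fall outside this assertion; that could happen by inheriting the directory label if a vendor adds no type transition or file_contexts entry. The comment could say what is actually enforced, e.g. `# Platform must not access the /mnt/vendor directory itself; vendors must give its contents their own types.` Widening the rule to the file classes is the alternative, but it may conflict with existing allow rules granted through the file_type attribute, so it needs a policy build to confirm. The `-init` exemption also deserves a one-line reason, presumably that init creates and mounts the directory.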
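--- a/public/file.te
+++ b/public/file.te
@@ -225,6 +225,9 @@ type storage_file, file_type;
 type mnt_media_rw_stub_file, file_type;
 type storage_stub_file, file_type;
 
+# Mount location for read-write vendor partitions.
+type mnt_vendor_file, file_type;
+
 # /postinstall: Mount point used by update_engine to run postinstall.
 type postinstall_mnt_dir, file_type;
 # Files inside the /postinstall mountpoint are all labeled as postinstall_file.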
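Review bot: The new comment on `mnt_vendor_file` does not name the path it labels, unlike the `/postinstall` comment just below it. Someone auditing labels by mount point has to read the commit message to learn this is /mnt/vendor. Suggest `# /mnt/vendor: Mount location for read-write vendor partitions.` The file_contexts entry that applies this type is not visible here because the page is limited to 'public', so this section cannot show whether the label is confined to the mount-point directory.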