Gitiles
Code Review Sign In
gerrit.omnirom.org / android_hardware_google_pixel-sepolicy / 74e4496ab6e98b4fdadd731f6eeaafc3c8b932c7^! / . / ramdump
commit74e4496ab6e98b4fdadd731f6eeaafc3c8b932c7[log] [tgz]
authorWoody Lin <woodylin@google.com>Tue Jun 22 10:19:46 2021 +0800
committerWoody Lin <woodylin@google.com>Thu Jul 01 16:38:58 2021 +0800
tree33838bcf4dfc67759a65ec5f7fa236ac2dfa300f
parent4ff64e9b71c0a5e20add40037ab8dffe93ce7371 [diff]
pixel-sepolicy/ramdump: create ramdump_vendor_fs

Bug 177481425 requires a dedicated file type for fscontext to mount
fusefs. To reduce code changes difference between sc-dev and master,
create file_type 'ramdump_vendor_fs' for both as base. Later it will be
revised to 'fusefs_type' on master branch only.

Bug: 177481425
Merged-In: I6bd07933e4a24835c3ad3b7afb8c9619651bff18
Change-Id: I6bd07933e4a24835c3ad3b7afb8c9619651bff18

diff --git a/ramdump/common/file.te b/ramdump/common/file.te
index e1382df..78ad1db 100644
--- a/ramdump/common/file.te
+++ b/ramdump/common/file.te

@@ -1,2 +1,3 @@
 type ramdump_vendor_data_file, file_type, data_file_type, mlstrustedobject;
 type ramdump_vendor_mnt_file, file_type, data_file_type, mlstrustedobject;
+type ramdump_vendor_fs, file_type, data_file_type, mlstrustedobject;

diff --git a/ramdump/ramdump.te b/ramdump/ramdump.te
index 9b3e475..d66139f 100644
--- a/ramdump/ramdump.te
+++ b/ramdump/ramdump.te

@@ -39,7 +39,8 @@
   allow ramdump fuse_device:chr_file rw_file_perms;
   allow ramdump mnt_vendor_file:dir r_dir_perms;
   allow ramdump ramdump_vendor_mnt_file:dir { getattr mounton };
-  allow ramdump ramdump_vendor_mnt_file:filesystem { mount unmount relabelfrom relabelto };
+  allow ramdump ramdump_vendor_fs:filesystem { mount unmount relabelfrom relabelto };
+  allow ramdump_vendor_mnt_file ramdump_vendor_fs:filesystem associate;
 
   # Access new Stats AIDL APIs (ag/13714907).
   allow ramdump fwk_stats_service:service_manager find;