Files under /vendor must have attribute vendor_file_type.
Label /vendor/etc/selinux/* as vendor_configs_file.
Bug: 62041836
Test: build system/sepolicy
Test: walleye boots
Change-Id: I617a3287860e965c282e9e82b4375ea68dbca785
diff --git a/private/file_contexts b/private/file_contexts
index 4abd8d8..52003d6 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -308,17 +308,6 @@
# HAL location
/(vendor|system/vendor)/lib(64)?/hw u:object_r:vendor_hal_file:s0
-/vendor/etc/selinux/nonplat_mac_permissions.xml u:object_r:mac_perms_file:s0
-/vendor/etc/selinux/nonplat_property_contexts u:object_r:property_contexts_file:s0
-/vendor/etc/selinux/nonplat_service_contexts u:object_r:nonplat_service_contexts_file:s0
-/vendor/etc/selinux/nonplat_hwservice_contexts u:object_r:hwservice_contexts_file:s0
-/vendor/etc/selinux/nonplat_file_contexts u:object_r:file_contexts_file:s0
-/vendor/etc/selinux/nonplat_seapp_contexts u:object_r:seapp_contexts_file:s0
-/vendor/etc/selinux/nonplat_sepolicy.cil u:object_r:sepolicy_file:s0
-/vendor/etc/selinux/precompiled_sepolicy u:object_r:sepolicy_file:s0
-/vendor/etc/selinux/precompiled_sepolicy\.plat_and_mapping\.sha256 u:object_r:sepolicy_file:s0
-/vendor/etc/selinux/vndservice_contexts u:object_r:vndservice_contexts_file:s0
-
#############################
# OEM and ODM files
#
diff --git a/tests/sepolicy_tests.py b/tests/sepolicy_tests.py
index 3edf1f2..275debb 100644
--- a/tests/sepolicy_tests.py
+++ b/tests/sepolicy_tests.py
@@ -19,6 +19,10 @@
# TODO: this should apply to genfs_context entries as well
return pol.AssertPathTypesHaveAttr(["/sys/kernel/debug/",
"/sys/kernel/tracing"], [], "debugfs_type")
+
+def TestVendorTypeViolations(pol):
+ return pol.AssertPathTypesHaveAttr(["/vendor/"], [], "vendor_file_type")
+
###
# extend OptionParser to allow the same option flag to be used multiple times.
# This is used to allow multiple file_contexts files and tests to be
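Review bot: TestVendorTypeViolations checks only the `/vendor/` prefix, while the file_contexts context line in this same commit (`/(vendor|system/vendor)/lib(64)?/hw`) shows vendor content is also labelled under `/system/vendor`. AssertPathTypesHaveAttr is not visible in this diff, so this is inferred: if it matches only the listed prefixes, a type assigned to a `/system/vendor/...` path without `vendor_file_type` would pass the test unnoticed. Consider passing `["/vendor/", "/system/vendor/"]` as the first argument, or confirm that the helper already resolves the alternation. A short comment above the function would also help, for example `# Every type labelled on a path under /vendor must carry vendor_file_type; the empty list presumably means no paths are exempted.`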
@@ -81,6 +85,8 @@
results += TestSysfsTypeViolations(pol)
if options.test is None or "TestDebugfsTypeViolations" in options.test:
results += TestDebugfsTypeViolations(pol)
+ if options.test is None or "TestVendorTypeViolations" in options.test:
+ results += TestVendorTypeViolations(pol)
if len(results) > 0:
sys.exit(results)