Files under /vendor must have attribute vendor_file_type. Label /vendor/etc/selinux/* as vendor_configs_file. Bug: 62041836 Test: build system/sepolicy Test: walleye boots Change-Id: I617a3287860e965c282e9e82b4375ea68dbca785

commit: 30c3c2a85c0282dc2a26eaa136755edc3be67be9 [log] [tgz]
author: Tri Vo <trong@google.com> Wed Jan 10 11:04:06 2018 -0800
committer: Tri Vo <trong@google.com> Fri Jan 12 00:05:41 2018 +0000
tree: 674679fb4e7313528afd9e5210e17a2c7d6ac752
parent: 1d2c3f4406cf755432ca3f9cba1e836b438d7672 [diff]
diff --git a/tests/sepolicy_tests.py b/tests/sepolicy_tests.py
index 3edf1f2..275debb 100644
--- a/tests/sepolicy_tests.py
+++ b/tests/sepolicy_tests.py

@@ -19,6 +19,10 @@
     # TODO: this should apply to genfs_context entries as well
     return pol.AssertPathTypesHaveAttr(["/sys/kernel/debug/",
                                     "/sys/kernel/tracing"], [], "debugfs_type")
+
+def TestVendorTypeViolations(pol):
+    return pol.AssertPathTypesHaveAttr(["/vendor/"], [], "vendor_file_type")
+
 ###
 # extend OptionParser to allow the same option flag to be used multiple times.
 # This is used to allow multiple file_contexts files and tests to be
@@ -81,6 +85,8 @@
         results += TestSysfsTypeViolations(pol)
     if options.test is None or "TestDebugfsTypeViolations" in options.test:
         results += TestDebugfsTypeViolations(pol)
+    if options.test is None or "TestVendorTypeViolations" in options.test:
+        results += TestVendorTypeViolations(pol)
 
     if len(results) > 0:
         sys.exit(results)
commit	30c3c2a85c0282dc2a26eaa136755edc3be67be9	[log] [tgz]
author	Tri Vo <trong@google.com>	Wed Jan 10 11:04:06 2018 -0800
committer	Tri Vo <trong@google.com>	Fri Jan 12 00:05:41 2018 +0000
tree	674679fb4e7313528afd9e5210e17a2c7d6ac752
parent	1d2c3f4406cf755432ca3f9cba1e836b438d7672 [diff]