sepolicy: fix missing label on vendor_service_contexts Vendors can publish services with servicemanager only on non-Treble builds. vendor_service_contexts is not meant to be read by servicemanager. https://android.googlesource.com/platform/system/sepolicy/+/5bccbfefe494aa6fed73a58d80713e28257ba7f1/public/servicemanager.te#22 Bug: 141333155 Test: create /vendor/etc/selinux/vendor_service_contexts and make sure it is correctly labeled. Change-Id: Ib68c50e0cdb2c39f0857a10289bfa26fa11b1b3c

commit: 3e70db526ef05bbf5d9f42072717a91e9866763c [log] [tgz]
author: Tri Vo <trong@google.com> Tue Oct 01 15:23:25 2019 -0700
committer: Tri Vo <trong@google.com> Tue Oct 01 15:23:27 2019 -0700
tree: d072754e1a3cb7a628f312c74e5936fe4a142adb
parent: ec0b62e197e1731255797833b855001df8d19bc7 [diff]
diff --git a/private/file_contexts b/private/file_contexts
index a552d47..52354e2 100644
--- a/private/file_contexts
+++ b/private/file_contexts

@@ -363,6 +363,8 @@
 # HAL location
 /(vendor|system/vendor)/lib(64)?/hw            u:object_r:vendor_hal_file:s0
 
+/(vendor|system/vendor)/etc/selinux/(vendor|nonplat)_service_contexts u:object_r:nonplat_service_contexts_file:s0
+
 #############################
 # OEM and ODM files
 #

diff --git a/public/file.te b/public/file.te
index 45c2fbc..8a8a0bc 100644
--- a/public/file.te
+++ b/public/file.te

@@ -477,7 +477,7 @@
 type service_contexts_file, system_file_type, file_type;
 
 # nonplat service_contexts file (only accessible on non full-treble devices)
-type nonplat_service_contexts_file, file_type;
+type nonplat_service_contexts_file, vendor_file_type, file_type;
 
 # hwservice_contexts file
 type hwservice_contexts_file, system_file_type, file_type;
commit	3e70db526ef05bbf5d9f42072717a91e9866763c	[log] [tgz]
author	Tri Vo <trong@google.com>	Tue Oct 01 15:23:25 2019 -0700
committer	Tri Vo <trong@google.com>	Tue Oct 01 15:23:27 2019 -0700
tree	d072754e1a3cb7a628f312c74e5936fe4a142adb
parent	ec0b62e197e1731255797833b855001df8d19bc7 [diff]