commit | 3e70db526ef05bbf5d9f42072717a91e9866763c | [log] [tgz] |
---|---|---|
author | Tri Vo <trong@google.com> | Tue Oct 01 15:23:25 2019 -0700 |
committer | Tri Vo <trong@google.com> | Tue Oct 01 15:23:27 2019 -0700 |
tree | d072754e1a3cb7a628f312c74e5936fe4a142adb | |
parent | ec0b62e197e1731255797833b855001df8d19bc7 [diff] |
sepolicy: fix missing label on vendor_service_contexts Vendors can publish services with servicemanager only on non-Treble builds. vendor_service_contexts is not meant to be read by servicemanager. https://android.googlesource.com/platform/system/sepolicy/+/5bccbfefe494aa6fed73a58d80713e28257ba7f1/public/servicemanager.te#22 Bug: 141333155 Test: create /vendor/etc/selinux/vendor_service_contexts and make sure it is correctly labeled. Change-Id: Ib68c50e0cdb2c39f0857a10289bfa26fa11b1b3c
diff --git a/private/file_contexts b/private/file_contexts index a552d47..52354e2 100644 --- a/private/file_contexts +++ b/private/file_contexts
@@ -363,6 +363,8 @@ # HAL location /(vendor|system/vendor)/lib(64)?/hw u:object_r:vendor_hal_file:s0 +/(vendor|system/vendor)/etc/selinux/(vendor|nonplat)_service_contexts u:object_r:nonplat_service_contexts_file:s0 + ############################# # OEM and ODM files #