toolbox: add sepolicy for vendor toybox
The vendor toybox MUST always be executed without transition and
non-vendor processes are not allowed to execute the binary.
Bug: 36463595
Test: Boot and test if system shell can run /vendor/bin/echo
Result: requires 'su'
Change-Id: Ifb9aa61f247f91fb870b99d60ac7f849ee9c6adc
Signed-off-by: Sandeep Patil <sspatil@google.com>
(cherry picked from commit c112cd18e8999c0242a2560219033231a0e19898)
diff --git a/private/file_contexts b/private/file_contexts
index c31ec06..1bc1716 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -265,6 +265,7 @@
# Vendor files
#
/(vendor|system/vendor)(/.*)? u:object_r:vendor_file:s0
+/(vendor|system/vendor)/bin/toybox_vendor u:object_r:vendor_toolbox_exec:s0
/(vendor|system/vendor)/etc(/.*)? u:object_r:vendor_configs_file:s0
/(vendor|system/vendor)/lib(64)?/egl(/.*)? u:object_r:same_process_hal_file:s0
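Review bot: the new label covers only the `toybox_vendor` binary itself, while the test described in the commit message runs `/vendor/bin/echo`; if that path is one of the per-applet symlinks pointing at `toybox_vendor`, it keeps the `vendor_file` label from the catch-all `/(vendor|system/vendor)(/.*)?` entry two lines above, so a caller needs `lnk_file read` on `vendor_file` in addition to `execute_no_trans` on `vendor_toolbox_exec` for the exec to succeed. It would be worth stating in the message that the symlinks are intentionally left as `vendor_file`, and that the `vendor_toolbox_exec` type declaration and the neverallow backing "non-vendor processes are not allowed to execute the binary" live in a separate hunk, since nothing in this file_contexts change enforces that by itself.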