Add mechanism for granting permissions to old vendor images This addresses Treble backwards compat issues introduced in aosp/793958 and aosp/783669. Bug: 122874820 Test: build/flash blueline with pi-dev vendor and generic_ab system images. Test: adb pull /sys/fs/selinux/policy; sesearch policy --allowx -s vendordomain -t dev_type Change-Id: Ic2b304472bb88051e03740dc387834056aba641a

commit: 564e292ae641271adba61fc2d7b4081768393a84 [log] [tgz]
author: Jeff Vander Stoep <jeffv@google.com> Thu May 02 13:48:44 2019 -0700
committer: Jeff Vander Stoep <jeffv@google.com> Mon May 06 12:32:51 2019 -0700
tree: 8870cb1ee3d280f5c64fa561bbe9f2cb27020e66
parent: 3db3b1148b9cf65d95a7513422662f6bafaba3cc [diff] [blame]
diff --git a/private/compat/27.0/27.0.compat.cil b/private/compat/27.0/27.0.compat.cil
new file mode 100644
index 0000000..9031d15
--- /dev/null
+++ b/private/compat/27.0/27.0.compat.cil

@@ -0,0 +1,4 @@
+(typeattribute vendordomain)
+(typeattributeset vendordomain ((and (domain) ((not (coredomain))))))
+(allowx vendordomain dev_type (ioctl blk_file ((range 0x0000 0xffff))))
+(allowx vendordomain file_type (ioctl file ((range 0x0000 0xffff))))
commit	564e292ae641271adba61fc2d7b4081768393a84	[log] [tgz]
author	Jeff Vander Stoep <jeffv@google.com>	Thu May 02 13:48:44 2019 -0700
committer	Jeff Vander Stoep <jeffv@google.com>	Mon May 06 12:32:51 2019 -0700
tree	8870cb1ee3d280f5c64fa561bbe9f2cb27020e66
parent	3db3b1148b9cf65d95a7513422662f6bafaba3cc [diff] [blame]