Make sure all public types are defined regardless of build variants
The types need to be exported so userdebug system.img
can still build the policy with a user vendor.img at boot time.
All permissions and attributes for these types are still kept under
conditional userdebug_or_eng macro
Bug: 37433251
Test: Boot sailfish-user build with generic_arm64_ab system.img on
sailfish and make sure sepolicy compilation succeeds
Change-Id: I98e8428c414546dfc74641700d4846edcf9355b1
Signed-off-by: Sandeep Patil <sspatil@google.com>
(cherry picked from commit 35e308cf712894eddd521edb33ffbdf748a91952)
diff --git a/public/perfprofd.te b/public/perfprofd.te
index eed7e58..f0df6a0 100644
--- a/public/perfprofd.te
+++ b/public/perfprofd.te
@@ -1,9 +1,12 @@
# perfprofd - perf profile collection daemon
+type perfprofd, domain;
type perfprofd_exec, exec_type, file_type;
userdebug_or_eng(`
- type perfprofd, domain, domain_deprecated, mlstrustedsubject;
+ typeattribute perfprofd domain_deprecated;
+ typeattribute perfprofd coredomain;
+ typeattribute perfprofd mlstrustedsubject;
# perfprofd needs to control CPU hot-plug in order to avoid kernel
# perfevents problems in cases where CPU goes on/off during measurement;
diff --git a/public/su.te b/public/su.te
index 8cb386d..ec14dee 100644
--- a/public/su.te
+++ b/public/su.te
@@ -1,3 +1,7 @@
+# All types must be defined regardless of build variant to ensure
+# policy compilation succeeds with userdebug/user combination at boot
+type su, domain;
+
# File types must be defined for file_contexts.
type su_exec, exec_type, file_type;
@@ -5,7 +9,7 @@
# Domain used for su processes, as well as for adbd and adb shell
# after performing an adb root command. The domain definition is
# wrapped to ensure that it does not exist at all on -user builds.
- type su, domain, mlstrustedsubject;
+ typeattribute su mlstrustedsubject;
# Add su to various domains
net_domain(su)