Merge "Add vendor_public_framework_file type to SEPolicy"
diff --git a/private/compat/29.0/29.0.cil b/private/compat/29.0/29.0.cil
index 8340c76..fb0fa44 100644
--- a/private/compat/29.0/29.0.cil
+++ b/private/compat/29.0/29.0.cil
@@ -1914,7 +1914,9 @@
(typeattributeset vendor_keychars_file_29_0 (vendor_keychars_file))
(typeattributeset vendor_keylayout_file_29_0 (vendor_keylayout_file))
(typeattributeset vendor_overlay_file_29_0 (vendor_overlay_file))
-(typeattributeset vendor_public_lib_file_29_0 (vendor_public_lib_file))
+(typeattributeset vendor_public_lib_file_29_0
+ ( vendor_public_framework_file
+ vendor_public_lib_file))
(typeattributeset vendor_security_patch_level_prop_29_0 (vendor_security_patch_level_prop))
(typeattributeset vendor_shell_29_0 (vendor_shell))
(typeattributeset vendor_shell_exec_29_0 (vendor_shell_exec))
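Review bot: Mapping `vendor_public_framework_file` into `vendor_public_lib_file_29_0` is only right if the files that will carry the new label were labelled `vendor_public_lib_file` on 29.0 devices, and the diff shows no file_contexts change to confirm that. With this mapping, every rule in vendor policy built against 29.0 that names `vendor_public_lib_file_29_0` silently extends to the new type. If the files are new or previously carried another label, that label's versioned attribute or the ignore list would be the place instead. The same applies to the `vendor_public_lib_file_30_0` hunk in private/compat/30.0/30.0.cil. If the split is as assumed, a comment above the set such as `; vendor_public_framework_file was split out of vendor_public_lib_file` would record the reason.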
diff --git a/private/compat/30.0/30.0.cil b/private/compat/30.0/30.0.cil
index a2ae272..3830fc0 100644
--- a/private/compat/30.0/30.0.cil
+++ b/private/compat/30.0/30.0.cil
@@ -2185,7 +2185,9 @@
(typeattributeset vendor_misc_writer_30_0 (vendor_misc_writer))
(typeattributeset vendor_misc_writer_exec_30_0 (vendor_misc_writer_exec))
(typeattributeset vendor_overlay_file_30_0 (vendor_overlay_file))
-(typeattributeset vendor_public_lib_file_30_0 (vendor_public_lib_file))
+(typeattributeset vendor_public_lib_file_30_0
+ ( vendor_public_framework_file
+ vendor_public_lib_file))
(typeattributeset vendor_security_patch_level_prop_30_0 (vendor_security_patch_level_prop))
(typeattributeset vendor_shell_30_0 (vendor_shell))
(typeattributeset vendor_shell_exec_30_0 (vendor_shell_exec))
diff --git a/private/domain.te b/private/domain.te
index 4b04e85..0908661 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -471,6 +471,7 @@
-vendor_keychars_file
-vendor_keylayout_file
-vendor_overlay_file
+ -vendor_public_framework_file
-vendor_public_lib_file
-vendor_task_profiles_file
-vndk_sp_file
diff --git a/public/app.te b/public/app.te
index 5eb20d8..39d67af 100644
--- a/public/app.te
+++ b/public/app.te
@@ -120,8 +120,8 @@
r_dir_file(appdomain, vendor_framework_file)
# Allow apps read / execute access to vendor public libraries.
-allow appdomain vendor_public_lib_file:dir r_dir_perms;
-allow appdomain vendor_public_lib_file:file { execute read open getattr map };
+allow appdomain {vendor_public_framework_file vendor_public_lib_file}:dir r_dir_perms;
+allow appdomain {vendor_public_framework_file vendor_public_lib_file}:file { execute read open getattr map };
# Read/write wallpaper file (opened by system).
allow appdomain wallpaper_file:file { getattr read write map };
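Review bot: The comment above the two changed `allow` lines still describes only vendor public libraries, while the rules now also give all of `appdomain` (which in AOSP policy includes untrusted apps) `execute` and `map` on `vendor_public_framework_file`. Update it to something like `# Allow apps read / execute access to vendor public libraries and vendor public framework files.` If only some apps are meant to load files of the new type, a separate rule for that narrower set would keep the grant least-privilege instead of widening the existing one.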
diff --git a/public/domain.te b/public/domain.te
index f0c5d4f..7c2e3fe 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -987,6 +987,7 @@
-same_process_hal_file
-vndk_sp_file
-vendor_app_file
+ -vendor_public_framework_file
-vendor_public_lib_file
}:file execute;
')
@@ -1349,7 +1350,7 @@
neverallow {
coredomain
-appdomain
- } vendor_public_lib_file:file { execute execute_no_trans };
+ } {vendor_public_framework_file vendor_public_lib_file}:file { execute execute_no_trans };
')
# Vendor domian must not have access to /mnt/product.
diff --git a/public/file.te b/public/file.te
index b7336ea..39581c4 100644
--- a/public/file.te
+++ b/public/file.te
@@ -224,6 +224,9 @@
# Type for all vendor public libraries. These libs should only be exposed to
# apps. ABI stability of these libs is vendor's responsibility.
type vendor_public_lib_file, vendor_file_type, file_type;
+# Type for all vendor public libraries for system. These libs should only be exposed to
+# system. ABI stability of these libs is vendor's responsibility.
+type vendor_public_framework_file, vendor_file_type, file_type;
# Input configuration
type vendor_keylayout_file, vendor_file_type, file_type;
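Review bot: The comment on the new type says these libs "should only be exposed to system", but the rules visible in this commit do the opposite. public/app.te allows `appdomain` to read and execute the type, and the neverallow in public/domain.te (hunk at -1349) bars `coredomain -appdomain` from `execute` and `execute_no_trans` on it. As written the type gets the same access as `vendor_public_lib_file`, so the comment will mislead whoever labels files with it. Reword it to say who may actually load these files, e.g. `# Type for vendor public framework files. Within coredomain only apps may execute them; ABI stability is the vendor's responsibility.`, or change the rules if system-only access was intended.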