sepolicy: ashmem entry point for libcutils

This duplicated ashmem device is intended to replace ashmemd.

Ashmem fd has a label of the domain that opens it. Now with ashmemd
removed, ashmem fds can have labels other than "ashmemd", e.g.
"system_server". We add missing permissions to make ashmem fds usable.

Bug: 139855428
Test: boot device
Change-Id: Iec8352567f1e4f171f76db1272935eee59156954
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index 84eff89..4257087 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -5,6 +5,7 @@
(typeattribute new_objects)
(typeattributeset new_objects
( new_objects
+ ashmem_libcutils_device
boringssl_self_test
charger_prop
cold_boot_done_prop
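Review bot: the added `ashmem_libcutils_device` entry in `new_objects` refers to a type whose declaration is not in any hunk shown here, and the allow rules promised by the commit message ("We add missing permissions") are not visible either. Please confirm the type declaration and the rules that grant access to it are part of this same change. That way the compat entry, the label and the permissions can be reviewed together, and it is clear which domains may open the new node.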
diff --git a/private/file_contexts b/private/file_contexts
index 1e9549c..b1b100e 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -75,6 +75,7 @@
/dev/adf-interface[0-9]*\.[0-9]* u:object_r:graphics_device:s0
/dev/adf-overlay-engine[0-9]*\.[0-9]* u:object_r:graphics_device:s0
/dev/ashmem u:object_r:ashmem_device:s0
+/dev/ashmem(.*)? u:object_r:ashmem_libcutils_device:s0
/dev/audio.* u:object_r:audio_device:s0
/dev/binder u:object_r:binder_device:s0
/dev/block(/.*)? u:object_r:block_device:s0
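Review bot: the added pattern `/dev/ashmem(.*)?` is broader than the commit message calls for. The optional group lets it match the bare `/dev/ashmem` as well, the same path as the literal entry on the line above, so the label on the original node depends on the matcher preferring the literal entry over the regex. It also matches any node whose name merely starts with `/dev/ashmem`, which would give an unrelated future device the `ashmem_libcutils_device` label and whatever access is granted on it. Suggest narrowing the expression to the naming scheme of the duplicated device, requiring at least one character after the prefix, and adding a comment that says which node it is meant to label. `Test: boot device` does not check which label each node ends up with, so a label check on both nodes would be a useful addition.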