Add sepolicy for FUSE control filesystem. To allow vold to abort it. Bug: 153411204 Test: vold can access it Merged-In: I334eaf3459905c27d614db8eda18c27e62bea5fa Change-Id: I334eaf3459905c27d614db8eda18c27e62bea5fa

commit: aa2cb5129e24a33005519d21720b9ab823d63442 [log] [tgz]
author: Martijn Coenen <maco@google.com> Thu May 28 15:04:48 2020 +0200
committer: Martijn Coenen <maco@google.com> Mon Jun 08 20:40:01 2020 +0200
tree: 8e25ca5c6dc19657fecc1e9eb2a89d1830e6c90a
parent: 47a7b78d43e44eda5deabae3108103b537ef702b [diff]
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index 40e91e2..50bd5ab 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil

@@ -46,6 +46,7 @@
     fastbootd_protocol_prop
     file_integrity_service
     fwk_automotive_display_hwservice
+    fusectlfs
     gmscore_app
     gnss_device
     hal_can_bus_hwservice

diff --git a/private/genfs_contexts b/private/genfs_contexts
index b423e64..51f2ce7 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts

@@ -98,6 +98,8 @@
 genfscon proc /vmstat u:object_r:proc_vmstat:s0
 genfscon proc /zoneinfo u:object_r:proc_zoneinfo:s0
 
+genfscon fusectl / u:object_r:fusectlfs:s0
+
 # selinuxfs booleans can be individually labeled.
 genfscon selinuxfs / u:object_r:selinuxfs:s0
 genfscon cgroup / u:object_r:cgroup:s0
commit	aa2cb5129e24a33005519d21720b9ab823d63442	[log] [tgz]
author	Martijn Coenen <maco@google.com>	Thu May 28 15:04:48 2020 +0200
committer	Martijn Coenen <maco@google.com>	Mon Jun 08 20:40:01 2020 +0200
tree	8e25ca5c6dc19657fecc1e9eb2a89d1830e6c90a
parent	47a7b78d43e44eda5deabae3108103b537ef702b [diff]