commit b3bffe88ab0d05f1bcda712e4d0fdd22566652fa
author Ashwini Oruganti <ashfall@google.com> Mon Jun 15 11:14:04 2020 -0700
committer Ashwini Oruganti <ashfall@google.com> Mon Jun 15 11:19:44 2020 -0700
tree 346c6532e5915dbfb3327a9c9b9992347a62cfe4
parent b45b42a3d39ed92fe566393d9892719fe58c03ab

Actually route PermissionController to the right domain

com.android.permissioncontroller was getting routed to platform_app
since specified seinfo takes precedence over unspecified seinfo. This
change adds seinfo=platform to the rule for
com.android.permissioncontroller so it correctly runs in the
permissioncontroller_app domain.

Bug: 158953123
Test: Treehugger + android.security.cts.SELinuxHostTest#testPermissionControllerDomain
Change-Id: I721fbf43a9774ed11414dd084bedaeb7216a76dd

private/seapp_contexts

diff --git a/private/seapp_contexts b/private/seapp_contexts
index e944063..ebbbf08 100644
--- a/private/seapp_contexts
+++ b/private/seapp_contexts
@@ -161,7 +161,7 @@
 user=_app isPrivApp=true name=com.google.android.permissioncontroller domain=permissioncontroller_app type=privapp_data_file levelFrom=all
 user=_app seinfo=media isPrivApp=true name=com.android.providers.media.module domain=mediaprovider_app type=privapp_data_file levelFrom=all
 user=_app isPrivApp=true name=com.google.android.providers.media.module domain=mediaprovider_app type=privapp_data_file levelFrom=all
-user=_app isPrivApp=true name=com.android.permissioncontroller domain=permissioncontroller_app type=privapp_data_file levelFrom=all
+user=_app seinfo=platform isPrivApp=true name=com.android.permissioncontroller domain=permissioncontroller_app type=privapp_data_file levelFrom=all
 user=_app isPrivApp=true name=com.android.vzwomatrigger domain=vzwomatrigger_app type=privapp_data_file levelFrom=all
 user=_app isPrivApp=true name=com.google.android.gms domain=gmscore_app type=privapp_data_file levelFrom=user
 user=_app isPrivApp=true name=com.google.android.gms.* domain=gmscore_app type=privapp_data_file levelFrom=user