system_writes_mnt_vendor_violators for device launched before P.
In cases when a device upgrades to system-as-root from O to P, it needs a mount
point for an already existing partition that is accessed by both system and
vendor.
Devices launching with P must not have /mnt/vendor accessible to system.
Bug: 78598545
Test: m selinux_policy
Change-Id: Ia7bcde44e2b8657a7ad9e0d9bae7a7259f40936f
diff --git a/public/attributes b/public/attributes
index c8db1fd..ec707cc 100644
--- a/public/attributes
+++ b/public/attributes
@@ -184,6 +184,11 @@
attribute system_writes_vendor_properties_violators;
expandattribute system_writes_vendor_properties_violators false;
+# All system domains which violate the requirement of not writing to
+# /mnt/vendor/*. Must not be used on devices launched with P or later.
+attribute system_writes_mnt_vendor_violators;
+expandattribute system_writes_mnt_vendor_violators false;
+
# hwservices that are accessible from untrusted applications
# WARNING: Use of this attribute should be avoided unless
# absolutely necessary. It is a temporary allowance to aid the
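Review bot: The comment on the new attribute says it "Must not be used on devices launched with P or later", but nothing in this hunk enforces that; as written it is only a convention. Please name in the comment the test or check that fails a P-launch device whose policy assigns a domain to system_writes_mnt_vendor_violators, or add one. The `expandattribute ... false` line keeps the attribute visible in the compiled policy, so such a check can query it. The comment also says "writing to /mnt/vendor/*", while the commit message describes a mount point accessed by both system and vendor; wording the comment to match the access actually being exempted would avoid confusion for vendors deciding whether they need the attribute.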
diff --git a/public/domain.te b/public/domain.te
index 08f7e3e..670aa1a 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -1434,6 +1434,7 @@
-init
-ueventd
-vold
+ -system_writes_mnt_vendor_violators
} mnt_vendor_file:dir *;
# Only apps are allowed access to vendor public libraries.
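Review bot: The new exclusion `-system_writes_mnt_vendor_violators` sits in a rule that ends in `mnt_vendor_file:dir *;`, so any domain given the attribute is exempted for every permission on that directory class, not only the writes the attribute name suggests. If the upgrade case in the commit message only needs a subset of directory access, consider narrowing the exemption; otherwise add a one-line comment next to the exclusion stating that it exists solely for devices launched before P, so the entry is not read as a general-purpose escape hatch alongside init, ueventd and vold.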