Merge "Add sepolicy for IFingerprint"
diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index 66286d5..dc5a4e2 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@@ -24,4 +24,5 @@
shell_test_data_file
sysfs_devices_cs_etm
update_engine_stable_service
+ updateable_module_file
userspace_reboot_metadata_file))
diff --git a/private/file_contexts b/private/file_contexts
index 27bbb3d..8fa09bb 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -479,6 +479,13 @@
/(odm_dlkm|vendor/odm_dlkm|system/vendor/odm_dlkm)(/.*)? u:object_r:vendor_file:s0
#############################
+# Modules files
+# This includes updateable modules (including APEXes and APKs) that are stored
+# in the modules partition.
+#
+/modules(/.*)? u:object_r:updateable_module_file:s0
+
+#############################
# Vendor files from /(product|system/product)/vendor_overlay
#
# NOTE: For additional vendor file contexts for vendor overlay files,
diff --git a/public/file.te b/public/file.te
index 3d10999..383dea6 100644
--- a/public/file.te
+++ b/public/file.te
@@ -532,6 +532,9 @@
# vndservice_contexts file
type vndservice_contexts_file, file_type;
+# /modules for updateable modules
+type updateable_module_file, file_type;
+
# Allow files to be created in their appropriate filesystems.
allow fs_type self:filesystem associate;
allow cgroup tmpfs:filesystem associate;