Inseob Kim | 78fd639 | 2023-06-23 15:48:04 +0900
;; complement CIL file for compatibility between ToT policy and 34.0 vendors.
;; will be compiled along with other normal policy files, on 34.0 vendors.
;;
Alan Stokes | 8a6bb3e | 2024-06-05 13:40:37 +0100

;; This type may or may not already exist in vendor policy. The 202404 sepolicy
;; (well, the 24Q1 release) added hidraw_device, but existing vendor policy
;; may still label the relevant devices with the old label.
;;
;; Re-define it here (duplicate definitions in CIL will be ignored) - so we can
;; duplicate the new policy for the old label to keep things working.
;; (Doing this in 34.0.cil ended up being too messy.)
;; See b/340923653.
(type vendor_hidraw_device)
(typeattributeset dev_type (vendor_hidraw_device))

(allow system_server vendor_hidraw_device (dir (open getattr read search ioctl lock watch watch_reads)))
(allow system_server vendor_hidraw_device (chr_file (getattr open read ioctl lock map watch watch_reads append write)))