Commit 30c3c2a8 authored by Tri Vo's avatar Tri Vo

Files under /vendor must have attribute vendor_file_type.

Label /vendor/etc/selinux/* as vendor_configs_file.

Bug: 62041836
Test: build system/sepolicy
Test: walleye boots
Change-Id: I617a3287860e965c282e9e82b4375ea68dbca785
parent 1d2c3f44
...@@ -308,17 +308,6 @@ ...@@ -308,17 +308,6 @@
# HAL location # HAL location
/(vendor|system/vendor)/lib(64)?/hw u:object_r:vendor_hal_file:s0 /(vendor|system/vendor)/lib(64)?/hw u:object_r:vendor_hal_file:s0
/vendor/etc/selinux/nonplat_mac_permissions.xml u:object_r:mac_perms_file:s0
/vendor/etc/selinux/nonplat_property_contexts u:object_r:property_contexts_file:s0
/vendor/etc/selinux/nonplat_service_contexts u:object_r:nonplat_service_contexts_file:s0
/vendor/etc/selinux/nonplat_hwservice_contexts u:object_r:hwservice_contexts_file:s0
/vendor/etc/selinux/nonplat_file_contexts u:object_r:file_contexts_file:s0
/vendor/etc/selinux/nonplat_seapp_contexts u:object_r:seapp_contexts_file:s0
/vendor/etc/selinux/nonplat_sepolicy.cil u:object_r:sepolicy_file:s0
/vendor/etc/selinux/precompiled_sepolicy u:object_r:sepolicy_file:s0
/vendor/etc/selinux/precompiled_sepolicy\.plat_and_mapping\.sha256 u:object_r:sepolicy_file:s0
/vendor/etc/selinux/vndservice_contexts u:object_r:vndservice_contexts_file:s0
############################# #############################
# OEM and ODM files # OEM and ODM files
# #
......
...@@ -19,6 +19,10 @@ def TestDebugfsTypeViolations(pol): ...@@ -19,6 +19,10 @@ def TestDebugfsTypeViolations(pol):
# TODO: this should apply to genfs_context entries as well # TODO: this should apply to genfs_context entries as well
return pol.AssertPathTypesHaveAttr(["/sys/kernel/debug/", return pol.AssertPathTypesHaveAttr(["/sys/kernel/debug/",
"/sys/kernel/tracing"], [], "debugfs_type") "/sys/kernel/tracing"], [], "debugfs_type")
def TestVendorTypeViolations(pol):
return pol.AssertPathTypesHaveAttr(["/vendor/"], [], "vendor_file_type")
### ###
# extend OptionParser to allow the same option flag to be used multiple times. # extend OptionParser to allow the same option flag to be used multiple times.
# This is used to allow multiple file_contexts files and tests to be # This is used to allow multiple file_contexts files and tests to be
...@@ -81,6 +85,8 @@ if __name__ == '__main__': ...@@ -81,6 +85,8 @@ if __name__ == '__main__':
results += TestSysfsTypeViolations(pol) results += TestSysfsTypeViolations(pol)
if options.test is None or "TestDebugfsTypeViolations" in options.test: if options.test is None or "TestDebugfsTypeViolations" in options.test:
results += TestDebugfsTypeViolations(pol) results += TestDebugfsTypeViolations(pol)
if options.test is None or "TestVendorTypeViolations" in options.test:
results += TestVendorTypeViolations(pol)
if len(results) > 0: if len(results) > 0:
sys.exit(results) sys.exit(results)
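Review bot: TestVendorTypeViolations passes only the prefix `/vendor/`, while vendor entries in file_contexts can be written as `/(vendor|system/vendor)/...`, as the HAL location line in the other file of this commit shows. Whether AssertPathTypesHaveAttr's prefix matching covers that alternation form is not visible on this page; if it does not, those entries escape the check and a passing test would overstate the guarantee. Please confirm against the helper, or pass both spellings, e.g. `["/vendor/", "/system/vendor/"]`. The new function also has no comment, unlike the debugfs test beside it; something like `# Every file_contexts entry under /vendor must map to a type with attribute vendor_file_type.` would state the invariant being enforced.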