From 30c3c2a85c0282dc2a26eaa136755edc3be67be9 Mon Sep 17 00:00:00 2001
From: Tri Vo <trong@google.com>
Date: Wed, 10 Jan 2018 11:04:06 -0800
Subject: [PATCH] Files under /vendor must have attribute vendor_file_type.

Label /vendor/etc/selinux/* as vendor_configs_file.

Bug: 62041836
Test: build system/sepolicy
Test: walleye boots
Change-Id: I617a3287860e965c282e9e82b4375ea68dbca785
---
 private/file_contexts   | 11 -----------
 tests/sepolicy_tests.py |  6 ++++++
 2 files changed, 6 insertions(+), 11 deletions(-)

diff --git a/private/file_contexts b/private/file_contexts
index 4abd8d8b8..52003d6b7 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -308,17 +308,6 @@
 # HAL location
 /(vendor|system/vendor)/lib(64)?/hw            u:object_r:vendor_hal_file:s0
 
-/vendor/etc/selinux/nonplat_mac_permissions.xml u:object_r:mac_perms_file:s0
-/vendor/etc/selinux/nonplat_property_contexts   u:object_r:property_contexts_file:s0
-/vendor/etc/selinux/nonplat_service_contexts    u:object_r:nonplat_service_contexts_file:s0
-/vendor/etc/selinux/nonplat_hwservice_contexts    u:object_r:hwservice_contexts_file:s0
-/vendor/etc/selinux/nonplat_file_contexts   u:object_r:file_contexts_file:s0
-/vendor/etc/selinux/nonplat_seapp_contexts    u:object_r:seapp_contexts_file:s0
-/vendor/etc/selinux/nonplat_sepolicy.cil       u:object_r:sepolicy_file:s0
-/vendor/etc/selinux/precompiled_sepolicy        u:object_r:sepolicy_file:s0
-/vendor/etc/selinux/precompiled_sepolicy\.plat_and_mapping\.sha256 u:object_r:sepolicy_file:s0
-/vendor/etc/selinux/vndservice_contexts         u:object_r:vndservice_contexts_file:s0
-
 #############################
 # OEM and ODM files
 #
diff --git a/tests/sepolicy_tests.py b/tests/sepolicy_tests.py
index 3edf1f257..275debb0b 100644
--- a/tests/sepolicy_tests.py
+++ b/tests/sepolicy_tests.py
@@ -19,6 +19,10 @@ def TestDebugfsTypeViolations(pol):
     # TODO: this should apply to genfs_context entries as well
     return pol.AssertPathTypesHaveAttr(["/sys/kernel/debug/",
                                     "/sys/kernel/tracing"], [], "debugfs_type")
+
+def TestVendorTypeViolations(pol):
+    return pol.AssertPathTypesHaveAttr(["/vendor/"], [], "vendor_file_type")
+
 ###
 # extend OptionParser to allow the same option flag to be used multiple times.
 # This is used to allow multiple file_contexts files and tests to be
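Review bot: TestVendorTypeViolations passes only the prefix `/vendor/` to AssertPathTypesHaveAttr, while the file_contexts context lines in this same patch spell the vendor tree as `/(vendor|system/vendor)/`. Whether an entry written only as `/system/vendor/...` gets checked depends on how AssertPathTypesHaveAttr matches prefixes, which is not visible in this hunk. If such entries are not covered, a type missing the attribute could pass the test on builds where the vendor tree lives under /system, so consider `["/vendor/", "/system/vendor/"]`. The new function also has no comment; something like `# Every type labeling a path under /vendor must carry vendor_file_type; the empty list exempts no paths.` would record the intent, assuming the second argument is the exemption list (confirm against AssertPathTypesHaveAttr).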
@@ -81,6 +85,8 @@ if __name__ == '__main__':
         results += TestSysfsTypeViolations(pol)
     if options.test is None or "TestDebugfsTypeViolations" in options.test:
         results += TestDebugfsTypeViolations(pol)
+    if options.test is None or "TestVendorTypeViolations" in options.test:
+        results += TestVendorTypeViolations(pol)
 
     if len(results) > 0:
         sys.exit(results)
-- 
GitLab