From 4d19f98c728373860c5628d46fe5f4d664c601d2 Mon Sep 17 00:00:00 2001
From: Daichi Hirono <hirono@google.com>
Date: Tue, 22 Mar 2016 17:14:30 +0900
Subject: [PATCH] Add mlstrustedobject to appfuse object type.

To write bytes to appfuse file from priv_app, we need to specify
mlstrustedobject.
The CL fixes the following denial.

type=1400 audit(0.0:77): avc: denied { write } for name="10" dev="fuse" ino=10 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:app_fuse_file:s0 tclass=file permissive=0

BUG=23093747

Change-Id: I9901033bb3349d5def0bd7128db45a1169856dc1
---
 file.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/file.te b/file.te
index 640fbe231..b789e36e5 100644
--- a/file.te
+++ b/file.te
@@ -181,7 +181,7 @@ type bluetooth_efs_file, file_type;
 # Type for fingerprint template file.
 type fingerprintd_data_file, file_type, data_file_type;
 # Type for appfuse file.
-type app_fuse_file, file_type, data_file_type;
+type app_fuse_file, file_type, data_file_type, mlstrustedobject;
 
 # Socket types
 type adbd_socket, file_type;
-- 
GitLab