prop_context: correctly label all property_context files

split property context file in vendor and sytem were left untouched by the recent changes. This was working accidentally because they were still accessible to all domains as 'system_file'. Bug: 36002573 Test: Boot sailfish to observe no new denials. Test: 'adb sideload' OTA on sailfish successfully Change-Id: I5bec058b59db83d2a431e9f7e91c5a09af7d2942 Signed-off-by: Sandeep Patil <sspatil@google.com>

prop_context: correctly label all property_context files
54a42001 · Sandeep Patil · 4a478c47 · 54a42001 · 54a42001 · 54a42001
Commit 54a42001 authored 7 years ago by Sandeep Patil
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -44,8 +44,8 @@
 /mapping_sepolicy\.cil   u:object_r:rootfs:s0
 /nonplat_sepolicy\.cil   u:object_r:rootfs:s0
 /plat_sepolicy\.cil      u:object_r:rootfs:s0
-/plat_property_contexts  u:object_r:property_contexts:s0
+/plat_property_contexts  u:object_r:property_contexts_file:s0
-/nonplat_property_contexts  u:object_r:property_contexts:s0
+/nonplat_property_contexts  u:object_r:property_contexts_file:s0
 /seapp_contexts     u:object_r:rootfs:s0
 /nonplat_seapp_contexts     u:object_r:rootfs:s0
 /plat_seapp_contexts     u:object_r:rootfs:s0
@@ -249,11 +249,13 @@
 /system/bin/virtual_touchpad     u:object_r:virtual_touchpad_exec:s0
 /system/bin/vr_wm                u:object_r:vr_wm_exec:s0
 /system/bin/hw/android\.hidl\.allocator@1\.0-service          u:object_r:hal_allocator_default_exec:s0
+/system/etc/selinux/plat_property_contexts  u:object_r:property_contexts_file:s0
 #############################
 # Vendor files
 #
 /vendor(/.*)?		u:object_r:system_file:s0
+/vendor/etc/selinux/nonplat_property_contexts   u:object_r:property_contexts_file:s0
 #############################
 # OEM and ODM files

--- a/public/domain.te
+++ b/public/domain.te
@@ -89,7 +89,7 @@ get_prop(domain, core_property_type)
 # messages to logd.
 get_prop(domain, log_property_type)
 dontaudit domain property_type:file audit_access;
-allow domain property_contexts:file r_file_perms;
+allow domain property_contexts_file:file r_file_perms;
 allow domain init:key search;
 allow domain vold:key search;

--- a/public/file.te
+++ b/public/file.te
@@ -257,7 +257,7 @@ type sap_uim_socket, file_type;
 type gps_control, file_type;
 # property_contexts file
-type property_contexts, file_type;
+type property_contexts_file, file_type;
 # Allow files to be created in their appropriate filesystems.
 allow fs_type self:filesystem associate;