From 9fbd65200d5da704e8eff1fdd5a4e7ab46eb3a45 Mon Sep 17 00:00:00 2001
From: Tri Vo <trong@google.com>
Date: Wed, 7 Feb 2018 09:45:39 -0800
Subject: [PATCH] Add internal types to 27.0[.ignore].cil.

Bug: 69390067
Test: manual run of treble_sepolicy_tests
Change-Id: I1b772a3f7c96875765c75bfc1031f249411c3338
---
 private/compat/27.0/27.0.cil        | 5 ++++-
 private/compat/27.0/27.0.ignore.cil | 8 ++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/private/compat/27.0/27.0.cil b/private/compat/27.0/27.0.cil
index 06f4c9122..3246d1468 100644
--- a/private/compat/27.0/27.0.cil
+++ b/private/compat/27.0/27.0.cil
@@ -1,5 +1,6 @@
 ;; types removed from current policy
 (type reboot_data_file)
+(type vold_socket)
 
 (expandtypeattribute (accessibility_service_27_0) true)
 (expandtypeattribute (account_service_27_0) true)
@@ -1399,7 +1400,9 @@
 (typeattributeset unencrypted_data_file_27_0 (unencrypted_data_file))
 (typeattributeset unlabeled_27_0 (unlabeled))
 (typeattributeset untrusted_app_25_27_0 (untrusted_app_25))
-(typeattributeset untrusted_app_27_0 (untrusted_app))
+(typeattributeset untrusted_app_27_0
+  ( untrusted_app
+    untrusted_app_27))
 (typeattributeset untrusted_v2_app_27_0 (untrusted_v2_app))
 (typeattributeset update_engine_27_0 (update_engine))
 (typeattributeset update_engine_data_file_27_0 (update_engine_data_file))
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 99db6624e..d7bac8de8 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -30,12 +30,14 @@
     exported_system_prop
     exported_system_radio_prop
     exported_vold_prop
+    fingerprint_vendor_data_file
     fs_bpf
     hal_authsecret_hwservice
     hal_confirmationui_hwservice
     hal_lowpan_hwservice
     hal_secure_element_hwservice
     hal_usb_gadget_hwservice
+    hal_wifi_hostapd_hwservice
     incident_helper
     incident_helper_exec
     last_boot_reason_prop
@@ -78,6 +80,7 @@
     traced_tmpfs
     traceur_app
     traceur_app_tmpfs
+    untrusted_app_all_devpts
     update_engine_log_data_file
     usbd
     usbd_exec
@@ -95,3 +98,8 @@
     wpantund_service
     wpantund_tmpfs))
 
+;; private_objects - a collection of types that were labeled differently in
+;;     older policy, but that should not remain accessible to vendor policy.
+;;     Thus, these types are also not mapped, but recorded for checkapi tests
+(typeattribute priv_objects)
+(typeattributeset priv_objects (untrusted_app_27_tmpfs))
-- 
GitLab