From ecc4868f715b74d65b75c42ff3839192f42a3a24 Mon Sep 17 00:00:00 2001
From: Tom Cherry <tomcherry@google.com>
Date: Mon, 22 Jan 2018 14:31:50 -0800
Subject: [PATCH] Label /vendor_file_contexts as file_contexts_file

vendor_init doesn't have permissions to read rootfs labeled files, but
needs to read /vendor_file_contexts to do restorecon correctly.  This
file is a file_contexts file, so labeling it as such seems appropriate.

Test: bullhead + vendor_init doesn't hit this audit
Change-Id: I1f2cf7dd7de17806ac0f1dfe2483fb6d6659939b
---
 private/file_contexts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/private/file_contexts b/private/file_contexts
index 9083b0cdd..b2a22a25e 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -38,6 +38,7 @@
 /sdcard             u:object_r:rootfs:s0
 
 # SELinux policy files
+/vendor_file_contexts   u:object_r:file_contexts_file:s0
 /nonplat_file_contexts  u:object_r:file_contexts_file:s0
 /plat_file_contexts     u:object_r:file_contexts_file:s0
 /mapping_sepolicy\.cil   u:object_r:sepolicy_file:s0
-- 
GitLab