add file contexts for factory_post_boot.sh

Bug: 191531000 Test: TreeHugger, built and booted to home, check factory cgroup Change-Id: Id9faa3b4b9662f23dc56d8bd3a027aaeb6315fa5
author: Luke Chang <lukechang@google.com> 2021-07-16 19:17:12 +0800
committer: Luke Chang <lukechang@google.com> 2021-07-20 11:03:00 +0800
commit: 4342600ecf7625a3de9eb80c3a5f85a06a15794f (patch)
tree: c11504bec6e206cb8f7af8ed77919aaaae8f80cc
parent: 80300f9daf7ea82ddee2ae2626cd33e84c9c6e7e (diff)
download: pixel-sepolicy-4342600ecf7625a3de9eb80c3a5f85a06a15794f.tar.gz
2 files changed, 7 insertions, 0 deletions
diff --git a/factory_boost/factory-post-boot.te b/factory_boost/factory-post-boot.te
new file mode 100644
index 0000000..103b6eb
--- /dev/null
+++ b/factory_boost/factory-post-boot.te
@@ -0,0 +1,6 @@
+# for factory_-prefixed targets only
+type factory-post-boot-sh, domain;
+type factory-post-boot-sh_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(factory-post-boot-sh)
+
+allow factory-post-boot-sh vendor_toolbox_exec:file execute_no_trans;
diff --git a/factory_boost/file_contexts b/factory_boost/file_contexts
new file mode 100644
index 0000000..976e219
--- /dev/null
+++ b/factory_boost/file_contexts
@@ -0,0 +1 @@
+/vendor/bin/factory/factory_post_boot                                                u:object_r:factory-post-boot-sh_exec:s0
author	Luke Chang <lukechang@google.com>	2021-07-16 19:17:12 +0800
committer	Luke Chang <lukechang@google.com>	2021-07-20 11:03:00 +0800
commit	4342600ecf7625a3de9eb80c3a5f85a06a15794f (patch)
tree	c11504bec6e206cb8f7af8ed77919aaaae8f80cc
parent	80300f9daf7ea82ddee2ae2626cd33e84c9c6e7e (diff)
download	pixel-sepolicy-4342600ecf7625a3de9eb80c3a5f85a06a15794f.tar.gz