pixel-sepolicy/ramdump: create ramdump_vendor_fs

Bug 177481425 requires a dedicated file type for fscontext to mount
fusefs. To reduce code changes difference between sc-dev and master,
create file_type 'ramdump_vendor_fs' for both as base. Later it will be
revised to 'fusefs_type' on master branch only.

Bug: 177481425
Merged-In: I6bd07933e4a24835c3ad3b7afb8c9619651bff18
Change-Id: I6bd07933e4a24835c3ad3b7afb8c9619651bff18

2 files changed, 3 insertions, 1 deletions

diff --git a/ramdump/common/file.te b/ramdump/common/file.te
index e1382df..78ad1db 100644
--- a/ramdump/common/file.te
+++ b/ramdump/common/file.te
@@ -1,2 +1,3 @@
 type ramdump_vendor_data_file, file_type, data_file_type, mlstrustedobject;
 type ramdump_vendor_mnt_file, file_type, data_file_type, mlstrustedobject;
+type ramdump_vendor_fs, file_type, data_file_type, mlstrustedobject;
diff --git a/ramdump/ramdump.te b/ramdump/ramdump.te
index 9b3e475..d66139f 100644
--- a/ramdump/ramdump.te
+++ b/ramdump/ramdump.te
@@ -39,7 +39,8 @@ userdebug_or_eng(`
   allow ramdump fuse_device:chr_file rw_file_perms;
   allow ramdump mnt_vendor_file:dir r_dir_perms;
   allow ramdump ramdump_vendor_mnt_file:dir { getattr mounton };
-  allow ramdump ramdump_vendor_mnt_file:filesystem { mount unmount relabelfrom relabelto };
+  allow ramdump ramdump_vendor_fs:filesystem { mount unmount relabelfrom relabelto };
+  allow ramdump_vendor_mnt_file ramdump_vendor_fs:filesystem associate;
 
   # Access new Stats AIDL APIs (ag/13714907).
   allow ramdump fwk_stats_service:service_manager find;