From 80300f9daf7ea82ddee2ae2626cd33e84c9c6e7e Mon Sep 17 00:00:00 2001 From: Woody Lin Date: Tue, 22 Jun 2021 10:19:46 +0800 Subject: pixel-sepolicy/ramdump: create ramdump_vendor_fs Bug 177481425 requires a dedicated file type for fscontext to mount fusefs. To reduce code changes difference between sc-dev and master, create file_type 'ramdump_vendor_fs' for both as base. Later it will be revised to 'fusefs_type' on master branch only. Bug: 177481425 Merged-In: I6bd07933e4a24835c3ad3b7afb8c9619651bff18 Change-Id: I6bd07933e4a24835c3ad3b7afb8c9619651bff18 --- ramdump/common/file.te | 1 + ramdump/ramdump.te | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ramdump/common/file.te b/ramdump/common/file.te index e1382df..78ad1db 100644 --- a/ramdump/common/file.te +++ b/ramdump/common/file.te @@ -1,2 +1,3 @@ type ramdump_vendor_data_file, file_type, data_file_type, mlstrustedobject; type ramdump_vendor_mnt_file, file_type, data_file_type, mlstrustedobject; +type ramdump_vendor_fs, file_type, data_file_type, mlstrustedobject; diff --git a/ramdump/ramdump.te b/ramdump/ramdump.te index 9b3e475..d66139f 100644 --- a/ramdump/ramdump.te +++ b/ramdump/ramdump.te @@ -39,7 +39,8 @@ userdebug_or_eng(` allow ramdump fuse_device:chr_file rw_file_perms; allow ramdump mnt_vendor_file:dir r_dir_perms; allow ramdump ramdump_vendor_mnt_file:dir { getattr mounton }; - allow ramdump ramdump_vendor_mnt_file:filesystem { mount unmount relabelfrom relabelto }; + allow ramdump ramdump_vendor_fs:filesystem { mount unmount relabelfrom relabelto }; + allow ramdump_vendor_mnt_file ramdump_vendor_fs:filesystem associate; # Access new Stats AIDL APIs (ag/13714907). allow ramdump fwk_stats_service:service_manager find; -- cgit v1.2.3