On 10/18/2016 09:33 AM, Sava Mikalački wrote:
> I'm trying to extend aosp file_contexts by adding a new entry for
> /data/system/ifw. I've created a file_contexts under my vendor directory
> structure but if I try to use the new label, build crashes with unknown
> type. I'm trying to enable a platform_app to write to data/system/ifw
> and here is what I have so far:
> file_contexts:
> /data/system/ifw(/.*)? u:object_r:system_data_ifw:s0
> platform_app.te:
> allow platform_app system_data_ifw:file create_file_perms;
>
> I also tried adding:
> /data/system/ifw(/.*)? u:object_r:system_data_ifw:s0
> to my device specific sepolicy but it still doesn't get picked up.
>
> Am I taking the right approach?

You need to also define the type in a .te file, e.g.
$ cat file.te
type system_data_ifw, file_type, data_file_type, mlstrustedobject;

And add a BOARD_SEPOLICY_DIRS definition to your BoardConfig.mk file.
Look at the AOSP device policies for examples.
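
Added example, not part of the original thread or of AOSP: a small Python check that reports file_contexts entries whose type no .te source declares, which is the condition behind the "unknown type" build failure discussed above. The sample file contents are constructed from the thread and the function names are hypothetical; the check only sees the sources passed to it, so types declared in the base AOSP policy must be supplied as well.

```python
import re

# Constructed sample inputs modelled on the thread (not real device files).
FILE_CONTEXTS = """\
# vendor file_contexts
/data/system/ifw(/.*)?   u:object_r:system_data_ifw:s0
/data/system(/.*)?       u:object_r:system_data_file:s0
"""
TE_MISSING = """\
type system_data_file, file_type, data_file_type;
allow platform_app system_data_ifw:file create_file_perms;
"""
TE_FIXED = TE_MISSING + (
    "type system_data_ifw, file_type, data_file_type, mlstrustedobject;\n"
)

TYPE_DECL = re.compile(r"^\s*type\s+([A-Za-z0-9_]+)\s*[,;]", re.MULTILINE)


def strip_comment(line):
    """Drop a trailing '#' comment and surrounding whitespace."""
    return line.split("#", 1)[0].strip()


def declared_types(te_sources):
    """Collect every name introduced by a 'type NAME ...;' statement."""
    found = set()
    for text in te_sources:
        body = "\n".join(strip_comment(l) for l in text.splitlines())
        found.update(TYPE_DECL.findall(body))
    return found


def labelled_types(file_contexts):
    """Yield (line number, path regex, type) for each file_contexts entry."""
    for number, raw in enumerate(file_contexts.splitlines(), start=1):
        fields = strip_comment(raw).split()
        if len(fields) < 2 or fields[-1] == "<<none>>":
            continue
        parts = fields[-1].split(":")  # user:role:type:level[:categories]
        if len(parts) >= 4:
            yield number, fields[0], parts[2]


def undeclared(file_contexts, te_sources):
    """Return entries whose type no supplied .te source declares."""
    known = declared_types(te_sources)
    return [e for e in labelled_types(file_contexts) if e[2] not in known]


if __name__ == "__main__":
    for number, path, name in undeclared(FILE_CONTEXTS, [TE_MISSING]):
        print(f"file_contexts:{number}: {path} uses undeclared type {name}")
```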