On Oct 18, 2016 9:34 AM, "Sava Mikalački" <mikalac...@gmail.com> wrote: > > I'm trying to extend aosp file_contexts by adding a new entry for /data/system/ifw. I've created a file_contexts under my vendor directory structure but if I try to use the new label, build crashes with unknown type. I'm
You need to declare the type with the type keyword: type system_data_ifw, file_type; trying to enable a platform_app to write to data/system/ifw and here is what I have so far: > file_contexts: > /data/system/ifw(/.*)? u:object_r:system_data_ifw:s0 > platform_app.te: > allow platform_app system_data_ifw:file create_file_perms; Platform applications shouldn't be creating stuff around the system, they should stick to their sandbox. I cant recall offhand, but a never allow I wrote might assert itself on that allow rule. > > I also tried adding: > /data/system/ifw(/.*)? u:object_r:system_data_ifw:s0 > to my device specific sepolicy but it still doesnt get picked up. > > Am I taking the right approach? You extend policy in your own specific location set by BOARD_SEPOlICY_DIRS = path/to/directory Then just add files to that directory. No need to ever touch system/sepolicy or on older versions of Android external/sepolicy. > > -- > I have only two questions: How much and give it to me. > > _______________________________________________ > Seandroid-list mailing list > Seandroid-list@tycho.nsa.gov > To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov. > To get help, send an email containing "help" to seandroid-list-requ...@tycho.nsa.gov.
_______________________________________________ Seandroid-list mailing list Seandroid-list@tycho.nsa.gov To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov. To get help, send an email containing "help" to seandroid-list-requ...@tycho.nsa.gov.