On 10/18/2016 10:23 AM, William Roberts wrote:
> On Oct 18, 2016 9:34 AM, "Sava Mikalački" <[email protected]> wrote:
>>
>> I'm trying to extend aosp file_contexts by adding a new entry for
>> /data/system/ifw. I've created a file_contexts under my vendor directory
>> structure but if I try to use the new label, build crashes with unknown
>> type. I'm
>
> You need to declare the type with the type keyword:
>
> type system_data_ifw, file_type;

Just to be clear, you also want at least the data_file_type attribute
here (for all types on files under /data) and possibly the
mlstrustedobject attribute (if it needs to be writable by any app using
levelFrom= in seapp_contexts). The latter is not necessary for system_app.

>> trying to enable a platform_app to write to data/system/ifw and here is
>> what I have so far:
>> file_contexts:
>> /data/system/ifw(/.*)? u:object_r:system_data_ifw:s0
>> platform_app.te:
>> allow platform_app system_data_ifw:file create_file_perms;
>
> Platform applications shouldn't be creating stuff around the system,
> they should stick to their sandbox. I can't recall offhand, but a never
> allow I wrote might assert itself on that allow rule.
>
>>
>> I also tried adding:
>> /data/system/ifw(/.*)? u:object_r:system_data_ifw:s0
>> to my device specific sepolicy but it still doesn't get picked up.
>>
>> Am I taking the right approach?
>
> You extend policy in your own specific location set by
> BOARD_SEPOLICY_DIRS = path/to/directory
>
> Then just add files to that directory. No need to ever touch
> system/sepolicy or on older versions of Android external/sepolicy.
>
>>
>> --
>> I have only two questions: How much and give it to me.
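A pre-build check for the two problems raised in this thread, a file_contexts label whose type was never declared (the "unknown type" build failure) and a type on a /data path that lacks the data_file_type attribute. This is an added example, not part of the original messages or of AOSP; the function names and sample strings are assumptions, and it assumes the policy text passed in contains every source file where the type could be declared.

```python
import re

# "type name, attr, ...;" and "typeattribute name attr, ...;" statements in .te sources.
TYPE_DECL = re.compile(r"^\s*type\s+(\w+)\s*((?:,\s*\w+\s*)*);", re.M)
TYPE_ATTR = re.compile(r"^\s*typeattribute\s+(\w+)\s+([\w\s,]+);", re.M)
# file_contexts entry: path regex, optional file-type flag, then u:object_r:<type>:<level>.
FC_ENTRY = re.compile(r"^\s*(/\S*)\s+(?:-[-dcbpls]\s+)?u:object_r:(\w+):", re.M)


def strip_comments(text):
    """Drop '#' comments so commented-out statements are not counted."""
    return re.sub(r"#.*", "", text)


def declared_types(te_text):
    """Map each declared type to the set of attributes attached to it."""
    te_text = strip_comments(te_text)
    types = {}
    for name, attrs in TYPE_DECL.findall(te_text):
        types[name] = {a.strip() for a in attrs.split(",") if a.strip()}
    for name, attrs in TYPE_ATTR.findall(te_text):
        if name in types:
            types[name] |= {a.strip() for a in attrs.split(",") if a.strip()}
    return types


def lint(te_text, fc_text):
    """Return (path, type, problem) for each file_contexts label with an issue."""
    types = declared_types(te_text)
    findings = []
    for path, label in FC_ENTRY.findall(strip_comments(fc_text)):
        if label not in types:
            findings.append((path, label, "type not declared"))
        elif path.startswith("/data/") and "data_file_type" not in types[label]:
            findings.append((path, label, "missing data_file_type attribute"))
    return findings


# Constructed sample inputs built from the lines quoted in the thread.
FC = "/data/system/ifw(/.*)? u:object_r:system_data_ifw:s0\n"
TE_NO_TYPE = "allow platform_app system_data_ifw:file create_file_perms;\n"
TE_FILE_TYPE_ONLY = "type system_data_ifw, file_type;\n"
TE_FULL = "type system_data_ifw, file_type, data_file_type;\n"

if __name__ == "__main__":
    for name, te in [("no type", TE_NO_TYPE), ("file_type only", TE_FILE_TYPE_ONLY), ("full", TE_FULL)]:
        print(name, lint(te, FC))
```
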
