On Oct 18, 2016 10:51, "Stephen Smalley" <[email protected]> wrote:
>
> On 10/18/2016 10:23 AM, William Roberts wrote:
> > On Oct 18, 2016 9:34 AM, "Sava Mikalački" <[email protected]> wrote:
> >>
> >> I'm trying to extend aosp file_contexts by adding a new entry for
> >> /data/system/ifw. I've created a file_contexts under my vendor directory
> >> structure but if I try to use the new label, build crashes with unknown
> >> type. I'm
> >
> > You need to declare the type with the type keyword:
> >
> > type system_data_ifw, file_type;
>
> Just to be clear, you also want at least the data_file_type attribute
> here (for all types on files under /data) and possibly the
> mlstrustedobject attribute (if it needs to be writable by any app using
> levelFrom= in seapp_contexts). The latter is not necessary for system_app.

Correct, typing from phone is too hard for underscores.

> >
> >> trying to enable a platform_app to write to data/system/ifw and here is
> >> what I have so far:
> >> file_contexts:
> >> /data/system/ifw(/.*)? u:object_r:system_data_ifw:s0
> >> platform_app.te:
> >> allow platform_app system_data_ifw:file create_file_perms;
> >
> > Platform applications shouldn't be creating stuff around the system,
> > they should stick to their sandbox. I can't recall offhand, but a never
> > allow I wrote might assert itself on that allow rule.
> >
> >>
> >> I also tried adding:
> >> /data/system/ifw(/.*)? u:object_r:system_data_ifw:s0
> >> to my device specific sepolicy but it still doesn't get picked up.
> >>
> >> Am I taking the right approach?
> >
> > You extend policy in your own specific location set by
> > BOARD_SEPOLICY_DIRS = path/to/directory
> >
> > Then just add files to that directory. No need to ever touch
> > system/sepolicy or on older versions of Android external/sepolicy.
> >
> >>
> >> --
> >> I have only two questions: How much and give it to me.
> >>
> >> _______________________________________________
> >> Seandroid-list mailing list
> >> [email protected]
> >> To unsubscribe, send email to [email protected].
> >> To get help, send an email containing "help" to [email protected].
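The two problems raised in this thread (a file_contexts label whose type is never declared, and a type on a /data path declared without data_file_type) can be caught before a build with a small pre-build check. The following is an added example, not part of the original messages and not AOSP tooling; the function names and sample strings are hypothetical, and it only understands plain `type` declarations in the text it is given (no `typeattribute` statements or m4 macros).

```python
import re

# Constructed sample inputs mirroring the thread (not real device policy).
TE_BEFORE = "allow platform_app system_data_ifw:file create_file_perms;\n"
TE_AFTER = "type system_data_ifw, file_type, data_file_type;\n" + TE_BEFORE
FILE_CONTEXTS = "/data/system/ifw(/.*)?    u:object_r:system_data_ifw:s0\n"

# Matches "type name, attr1, attr2;" but not typeattribute/type_transition.
TYPE_DECL = re.compile(r"^\s*type\s+(\w+)((?:\s*,\s*\w+)*)\s*;", re.M)


def declared_types(te_text):
    """Map each declared type to the set of attributes on its declaration."""
    types = {}
    for name, attrs in TYPE_DECL.findall(te_text):
        types[name] = {a.strip() for a in attrs.split(",") if a.strip()}
    return types


def lint_file_contexts(fc_text, te_text):
    """Return (path, type, problem) tuples for suspect file_contexts entries."""
    types = declared_types(te_text)
    findings = []
    for line in fc_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        path, context = fields[0], fields[-1]
        if context == "<<none>>":
            continue
        ctx = context.split(":")  # user:role:type:level
        if len(ctx) < 4:
            findings.append((path, context, "malformed context"))
            continue
        setype = ctx[2]
        if setype not in types:
            # This is the condition that fails the build with "unknown type".
            findings.append((path, setype, "unknown type"))
        elif path.startswith("/data/") and "data_file_type" not in types[setype]:
            findings.append((path, setype, "missing data_file_type"))
    return findings


if __name__ == "__main__":
    for label, te in (("before", TE_BEFORE), ("after", TE_AFTER)):
        print(label, lint_file_contexts(FILE_CONTEXTS, te))
```
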
