On Oct 18, 2016 10:51, "Stephen Smalley" <s...@tycho.nsa.gov> wrote:
>
> On 10/18/2016 10:23 AM, William Roberts wrote:
> > On Oct 18, 2016 9:34 AM, "Sava Mikalački" <mikalac...@gmail.com> wrote:
> >>
> >> I'm trying to extend AOSP file_contexts by adding a new entry for
> >> /data/system/ifw. I've created a file_contexts under my vendor directory
> >> structure but if I try to use the new label, build crashes with unknown
> >> type. I'm
> >
> > You need to declare the type with the type keyword:
> >
> > type system_data_ifw, file_type;
>
> Just to be clear, you also want at least the data_file_type attribute
> here (for all types on files under /data) and possibly the
> mlstrustedobject attribute (if it needs to be writable by any app using
> levelFrom= in seapp_contexts).  The latter is not necessary for
> system_app.

Correct, typing from phone is too hard for underscores.
>
> >
> >> trying to enable a platform_app to write to data/system/ifw and here is
> >> what I have so far:
> >> file_contexts:
> >> /data/system/ifw(/.*)? u:object_r:system_data_ifw:s0
> >> platform_app.te:
> >> allow platform_app system_data_ifw:file create_file_perms;
> >
> > Platform applications shouldn't be creating stuff around the system,
> > they should stick to their sandbox. I can't recall offhand, but a never
> > allow I wrote might assert itself on that allow rule.
> >
> >>
> >> I also tried adding:
> >> /data/system/ifw(/.*)? u:object_r:system_data_ifw:s0
> >> to my device specific sepolicy but it still doesn't get picked up.
> >>
> >> Am I taking the right approach?
> >
> > You extend policy in your own specific location set by
> > BOARD_SEPOLICY_DIRS = path/to/directory
> >
> > Then just add files to that directory. No need to ever touch
> > system/sepolicy or on older versions of Android external/sepolicy.
> >
> >>
> >> --
> >> I have only two questions: How much and give it to me.
> >>
> >> _______________________________________________
> >> Seandroid-list mailing list
> >> Seandroid-list@tycho.nsa.gov <mailto:Seandroid-list@tycho.nsa.gov>
> >> To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov
> > <mailto:seandroid-list-le...@tycho.nsa.gov>.
> >> To get help, send an email containing "help" to
> > seandroid-list-requ...@tycho.nsa.gov
> > <mailto:seandroid-list-requ...@tycho.nsa.gov>.
> >
> >
>

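Added example, not part of the original thread or of AOSP: a Python check for the two problems discussed above, a file_contexts label whose type is never declared (the "unknown type" build failure) and a type on a /data path that lacks the data_file_type attribute. The function names are assumptions of this example, the caller is assumed to pass the concatenated .te source of every policy directory in use, and the sample input is constructed from the entries quoted in the thread.

```python
import re

# "type name, attr1, attr2;" declarations in .te policy source.
TYPE_DECL = re.compile(r"^\s*type\s+(\w+)((?:\s*,\s*\w+)*)\s*;", re.M)
# "typeattribute name attr1, attr2;" statements that add attributes later.
TYPE_ATTR = re.compile(r"^\s*typeattribute\s+(\w+)\s+(\w+(?:\s*,\s*\w+)*)\s*;", re.M)
# Type field of a "u:object_r:<type>:s0" file context.
CONTEXT = re.compile(r"^u:object_r:(\w+):s0")

def declared_types(te_source):
    """Map each declared type to the set of attributes attached to it."""
    types = {}
    for name, attrs in TYPE_DECL.findall(te_source):
        types[name] = set(re.findall(r"\w+", attrs))
    for name, attrs in TYPE_ATTR.findall(te_source):
        if name in types:
            types[name].update(re.findall(r"\w+", attrs))
    return types

def check_file_contexts(fc_source, types):
    """Return (line_number, message) findings for file_contexts text."""
    findings = []
    for number, line in enumerate(fc_source.splitlines(), 1):
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#") or fields[-1] == "<<none>>":
            continue
        path, match = fields[0], CONTEXT.match(fields[-1])
        if match is None:
            findings.append((number, "malformed context " + fields[-1]))
        elif match.group(1) not in types:
            findings.append((number, "unknown type " + match.group(1)))
        elif path.startswith("/data") and "data_file_type" not in types[match.group(1)]:
            findings.append((number, match.group(1) + " labels a /data path without data_file_type"))
    return findings

# Constructed sample input based on the entries quoted in the thread.
FILE_CONTEXTS = "/data/system/ifw(/.*)?    u:object_r:system_data_ifw:s0\n"
TE_NO_DECLARATION = "allow platform_app system_data_ifw:file create_file_perms;\n"
TE_FILE_TYPE_ONLY = "type system_data_ifw, file_type;\n"
TE_WITH_DATA_ATTR = "type system_data_ifw, file_type, data_file_type;\n"

if __name__ == "__main__":
    for label, te in [("no declaration", TE_NO_DECLARATION),
                      ("file_type only", TE_FILE_TYPE_ONLY),
                      ("with data_file_type", TE_WITH_DATA_ATTR)]:
        print(label, check_file_contexts(FILE_CONTEXTS, declared_types(te)))
```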