Label /vendor/bin/hw on devices without vendor partition

SELinux labeling of filesystem files ignores symlinks. Unfortunately, /vendor is a symlink on devices without vendor partition (e.g., hikey). Thus, policy in directories which are used both for devices with vendor partition and for devices without vendor partition must be adjusted to match both /vendor and /system/vendor. It is assumed that the /vendor symlink, if it exists at all, always points to /system/vendor. The alternative solution of adjusting vendor policy file labelling rules at vendor policy build time, when the actual on-device paths are known, was considered to make it harder to see how files are labelled by looking solely at the source tree. Test: Files under /vendor/bin/hw correctly labelled on sailfish, angler, and a device which uses the /vendor symlink. Bug: 35431549 Change-Id: If6ccb2c9cb85b0589db03ab86de8071e15d5366f

Label /vendor/bin/hw on devices without vendor partition
SELinux labeling of filesystem files ignores symlinks. Unfortunately, /vendor is a symlink on devices without vendor partition (e.g., hikey). Thus, policy in directories which are used both for devices with vendor partition and for devices without vendor partition must be adjusted to match both /vendor and /system/vendor. It is assumed that the /vendor symlink, if it exists at all, always points to /system/vendor. The alternative solution of adjusting vendor policy file labelling rules at vendor policy build time, when the actual on-device paths are known, was considered to make it harder to see how files are labelled by looking solely at the source tree. Test: Files under /vendor/bin/hw correctly labelled on sailfish, angler, and a device which uses the /vendor symlink. Bug: 35431549 Change-Id: If6ccb2c9cb85b0589db03ab86de8071e15d5366f
3001d5a3 · Alex Klyubin · d419ed8f · 3001d5a3
Commit 3001d5a3 authored 8 years ago by Alex Klyubin
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
 #############################
 # Default HALs
 #
-/vendor/bin/hw/android\.hardware\.audio@2\.0-service          u:object_r:hal_audio_default_exec:s0
-/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service u:object_r:hal_fingerprint_default_exec:s0
-/vendor/bin/hw/android\.hardware\.boot@1\.0-service           u:object_r:hal_boot_exec:s0
-/vendor/bin/hw/android\.hardware\.camera\.provider@2\.4-service          u:object_r:hal_camera_default_exec:s0
-/vendor/bin/hw/android\.hardware\.configstore@1\.0-service    u:object_r:hal_configstore_default_exec:s0
-/vendor/bin/hw/android\.hardware\.contexthub@1\.0-service     u:object_r:hal_contexthub_default_exec:s0
-/vendor/bin/hw/android\.hardware\.drm@1\.0-service            u:object_r:hal_drm_default_exec:s0
-/vendor/bin/hw/android\.hardware\.dumpstate@1\.0-service      u:object_r:hal_dumpstate_default_exec:s0
-/vendor/bin/hw/android\.hardware\.gatekeeper@1\.0-service     u:object_r:hal_gatekeeper_default_exec:s0
-/vendor/bin/hw/android\.hardware\.gnss@1\.0-service           u:object_r:hal_gnss_default_exec:s0
-/vendor/bin/hw/android\.hardware\.graphics\.allocator@2\.0-service   u:object_r:hal_graphics_allocator_default_exec:s0
-/vendor/bin/hw/android\.hardware\.graphics\.composer@2\.1-service    u:object_r:hal_graphics_composer_default_exec:s0
-/vendor/bin/hw/android\.hardware\.health@1\.0-service         u:object_r:hal_health_default_exec:s0
-/vendor/bin/hw/android\.hardware\.ir@1\.0-service             u:object_r:hal_ir_default_exec:s0
-/vendor/bin/hw/android\.hardware\.keymaster@3\.0-service      u:object_r:hal_keymaster_default_exec:s0
-/vendor/bin/hw/android\.hardware\.light@2\.0-service          u:object_r:hal_light_default_exec:s0
-/vendor/bin/hw/android\.hardware\.memtrack@1\.0-service       u:object_r:hal_memtrack_default_exec:s0
-/vendor/bin/hw/android\.hardware\.nfc@1\.0-service            u:object_r:hal_nfc_default_exec:s0
-/vendor/bin/hw/android\.hardware\.power@1\.0-service          u:object_r:hal_power_default_exec:s0
-/vendor/bin/hw/android\.hardware\.sensors@1\.0-service        u:object_r:hal_sensors_default_exec:s0
-/vendor/bin/hw/android\.hardware\.thermal@1\.0-service        u:object_r:hal_thermal_default_exec:s0
-/vendor/bin/hw/android\.hardware\.usb@1\.0-service            u:object_r:hal_usb_default_exec:s0
-/vendor/bin/hw/android\.hardware\.vibrator@1\.0-service       u:object_r:hal_vibrator_default_exec:s0
-/vendor/bin/hw/android\.hardware\.vr@1\.0-service             u:object_r:hal_vr_default_exec:s0
-/vendor/bin/hw/android\.hardware\.wifi@1\.0-service           u:object_r:hal_wifi_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.audio@2\.0-service          u:object_r:hal_audio_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service u:object_r:hal_fingerprint_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.boot@1\.0-service           u:object_r:hal_boot_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.camera\.provider@2\.4-service          u:object_r:hal_camera_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.configstore@1\.0-service    u:object_r:hal_configstore_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.contexthub@1\.0-service     u:object_r:hal_contexthub_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.0-service            u:object_r:hal_drm_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.dumpstate@1\.0-service      u:object_r:hal_dumpstate_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.gatekeeper@1\.0-service     u:object_r:hal_gatekeeper_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.gnss@1\.0-service           u:object_r:hal_gnss_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.graphics\.allocator@2\.0-service   u:object_r:hal_graphics_allocator_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.graphics\.composer@2\.1-service    u:object_r:hal_graphics_composer_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.health@1\.0-service         u:object_r:hal_health_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.ir@1\.0-service             u:object_r:hal_ir_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@3\.0-service      u:object_r:hal_keymaster_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.light@2\.0-service          u:object_r:hal_light_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.memtrack@1\.0-service       u:object_r:hal_memtrack_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.nfc@1\.0-service            u:object_r:hal_nfc_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.power@1\.0-service          u:object_r:hal_power_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.sensors@1\.0-service        u:object_r:hal_sensors_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.thermal@1\.0-service        u:object_r:hal_thermal_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.usb@1\.0-service            u:object_r:hal_usb_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.vibrator@1\.0-service       u:object_r:hal_vibrator_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.vr@1\.0-service             u:object_r:hal_vr_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.wifi@1\.0-service           u:object_r:hal_wifi_default_exec:s0