From 3d533078ab8a43b7fcaaf8f761e8baaf30c214e6 Mon Sep 17 00:00:00 2001
From: Joel Galenson <jgalenson@google.com>
Date: Fri, 16 Nov 2018 09:53:40 -0800
Subject: [PATCH] Allow vendor_init to relabelfrom unlabeled.

This will be needed if vendors remove a label, as vendor_init would
need to relabel from it (which would be unlabeled) to the new label.

Test: Build policy.
Change-Id: Ieea0fcd7379da26b2864b971f7773ed61f413bb9
---
 public/vendor_init.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/public/vendor_init.te b/public/vendor_init.te
index 5ecd2a103..0653b411c 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -55,6 +55,8 @@ allow vendor_init {
   -vold_metadata_file
 }:dir { create search getattr open read setattr ioctl write add_name remove_name rmdir relabelfrom };
 
+allow vendor_init unlabeled:{ dir notdevfile_class_set } { getattr relabelfrom };
+
 allow vendor_init {
   file_type
   -core_data_file_type
-- 
GitLab