From df9d78327603e68fd8057433c1b6758e324418d8 Mon Sep 17 00:00:00 2001
From: Justin Yun <justinyun@google.com>
Date: Tue, 6 Nov 2018 15:00:49 +0900
Subject: [PATCH] sepolicy for vendor overlay

Make /(product|system/product)/vendor_overlay/<ver> have the vendor
file context.

If vendor_overlay requires to mount on the vendor directories other
than 'vendor_file', the contexts must be defined in the device
specific sepolicy files.

Bug: 119076200
Test: build and check if the files are overridden and have the required
sepolicy contexts.

Change-Id: I69ed38d4ea8e7d89f56865b1ca1e26f290e9892d
---
 private/file_contexts | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/private/file_contexts b/private/file_contexts
index fd3e1dc2a..13d87ff1f 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -381,6 +381,14 @@
 /(product_services|system/product_services)(/.*)?               u:object_r:system_file:s0
 /(product_services|system/product_services)/overlay(/.*)?       u:object_r:vendor_overlay_file:s0
 
+#############################
+# Vendor files from /(product|system/product)/vendor_overlay
+#
+# NOTE: For additional vendor file contexts for vendor overlay files,
+# use device specific file_contexts.
+#
+/(product|system/product)/vendor_overlay/[0-9]+/.*          u:object_r:vendor_file:s0
+
 #############################
 # Data files
 #
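Review bot: The new `vendor_overlay/[0-9]+/.*` pattern ends in `/.*`, while the neighbouring product_services entries end in `(/.*)?`, so it matches only paths below the version directory. The `vendor_overlay/<ver>` directory itself, and `vendor_overlay`, are not covered by this entry and will take their label from some other rule, although the commit message says `vendor_overlay/<ver>` should have the vendor file context. If the version directory is meant to be labelled `vendor_file` too, consider `/(product|system/product)/vendor_overlay/[0-9]+(/.*)?`. If excluding it is deliberate, say so in the NOTE comment above the entry.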
-- 
GitLab