From 4a137c011f7687c4fd4df600b210392e05c29535 Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Fri, 25 Jan 2019 12:55:18 -0800
Subject: [PATCH] Treble-ize tmpfs access

Declare *_tmpfs types for all vendor domains which need it.

Bug: 122854450
Test: Sepolicy-build tests
Test: build taimen-userdebug
Change-Id: Ifd18eea5cac0a21f5fe1e27212e35d71762a9905
---
 sepolicy/private/wfc_activation_app.te | 1 +
 sepolicy/public/dataservice_app.te     | 3 ++-
 sepolicy/vendor/con_monitor.te         | 1 +
 sepolicy/vendor/easelservice_app.te    | 1 +
 sepolicy/vendor/google_camera_app.te   | 1 +
 sepolicy/vendor/hardware_info_app.te   | 1 +
 sepolicy/vendor/logger_app.te          | 1 +
 sepolicy/vendor/mds_app.te             | 1 +
 sepolicy/vendor/qtelephony.te          | 1 +
 sepolicy/vendor/ramdump_app.te         | 1 +
 sepolicy/vendor/ssr_detector.te        | 1 +
 sepolicy/vendor/tango_core.te          | 1 +
 sepolicy/vendor/timeservice_app.te     | 1 +
 sepolicy/verizon/obdm_app.te           | 1 +
 14 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/sepolicy/private/wfc_activation_app.te b/sepolicy/private/wfc_activation_app.te
index cd32efc4..9e2c9ef2 100644
--- a/sepolicy/private/wfc_activation_app.te
+++ b/sepolicy/private/wfc_activation_app.te
@@ -1,4 +1,5 @@
 type wfc_activation_app, domain, coredomain;
+type wfc_activation_app_tmpfs, file_type;
 
 app_domain(wfc_activation_app)
 net_domain(wfc_activation_app)
diff --git a/sepolicy/public/dataservice_app.te b/sepolicy/public/dataservice_app.te
index 8c8d82fa..9a310884 100644
--- a/sepolicy/public/dataservice_app.te
+++ b/sepolicy/public/dataservice_app.te
@@ -1 +1,2 @@
-type dataservice_app, domain;
\ No newline at end of file
+type dataservice_app, domain;
+type dataservice_app_tmpfs, file_type;
diff --git a/sepolicy/vendor/con_monitor.te b/sepolicy/vendor/con_monitor.te
index e1ba346c..e73e42bd 100644
--- a/sepolicy/vendor/con_monitor.te
+++ b/sepolicy/vendor/con_monitor.te
@@ -1,5 +1,6 @@
 # ConnectivityMonitor app
 type con_monitor_app, domain;
+type con_monitor_app_tmpfs, file_type;
 
 app_domain(con_monitor_app)
 
diff --git a/sepolicy/vendor/easelservice_app.te b/sepolicy/vendor/easelservice_app.te
index fd70ca6a..657255de 100644
--- a/sepolicy/vendor/easelservice_app.te
+++ b/sepolicy/vendor/easelservice_app.te
@@ -1,4 +1,5 @@
 type easelservice_app, domain;
+type easelservice_app_tmpfs, file_type;
 
 app_domain(easelservice_app)
 
diff --git a/sepolicy/vendor/google_camera_app.te b/sepolicy/vendor/google_camera_app.te
index 30031efb..60935249 100644
--- a/sepolicy/vendor/google_camera_app.te
+++ b/sepolicy/vendor/google_camera_app.te
@@ -1,4 +1,5 @@
 type google_camera_app, domain, coredomain;
+type google_camera_app_tmpfs, file_type;
 
 app_domain(google_camera_app)
 net_domain(google_camera_app)
diff --git a/sepolicy/vendor/hardware_info_app.te b/sepolicy/vendor/hardware_info_app.te
index 27ce4405..ed8a43eb 100644
--- a/sepolicy/vendor/hardware_info_app.te
+++ b/sepolicy/vendor/hardware_info_app.te
@@ -1,4 +1,5 @@
 type hardware_info_app, domain;
+type hardware_info_app_tmpfs, file_type;
 
 app_domain(hardware_info_app)
 
diff --git a/sepolicy/vendor/logger_app.te b/sepolicy/vendor/logger_app.te
index c5262ba6..334226ab 100644
--- a/sepolicy/vendor/logger_app.te
+++ b/sepolicy/vendor/logger_app.te
@@ -1,4 +1,5 @@
 type logger_app, domain;
+type logger_app_tmpfs, file_type;
 
 userdebug_or_eng(`
   app_domain(logger_app)
diff --git a/sepolicy/vendor/mds_app.te b/sepolicy/vendor/mds_app.te
index e95b423d..61a3cdd9 100644
--- a/sepolicy/vendor/mds_app.te
+++ b/sepolicy/vendor/mds_app.te
@@ -1,4 +1,5 @@
 type mds_app, domain;
+type mds_app_tmpfs, file_type;
 
 app_domain(mds_app)
 
diff --git a/sepolicy/vendor/qtelephony.te b/sepolicy/vendor/qtelephony.te
index d01178aa..9475cd07 100644
--- a/sepolicy/vendor/qtelephony.te
+++ b/sepolicy/vendor/qtelephony.te
@@ -1,5 +1,6 @@
 # Qualcomm telephony apps, such as AtFwd and FastDormancy
 type qtelephony, domain;
+type qtelephony_tmpfs, file_type;
 
 app_domain(qtelephony)
 
diff --git a/sepolicy/vendor/ramdump_app.te b/sepolicy/vendor/ramdump_app.te
index ed9bf33b..80060467 100644
--- a/sepolicy/vendor/ramdump_app.te
+++ b/sepolicy/vendor/ramdump_app.te
@@ -1,4 +1,5 @@
 type ramdump_app, domain;
+type ramdump_app_tmpfs, file_type;
 
 userdebug_or_eng(`
   app_domain(ramdump_app)
diff --git a/sepolicy/vendor/ssr_detector.te b/sepolicy/vendor/ssr_detector.te
index 0fd4cc75..d9b24b50 100644
--- a/sepolicy/vendor/ssr_detector.te
+++ b/sepolicy/vendor/ssr_detector.te
@@ -1,5 +1,6 @@
 # SSRestartDetector app
 type ssr_detector_app, domain;
+type ssr_detector_app_tmpfs, file_type;
 
 app_domain(ssr_detector_app)
 
diff --git a/sepolicy/vendor/tango_core.te b/sepolicy/vendor/tango_core.te
index 0fd0e252..256deaf6 100644
--- a/sepolicy/vendor/tango_core.te
+++ b/sepolicy/vendor/tango_core.te
@@ -1,4 +1,5 @@
 type tango_core, domain, coredomain;
+type tango_core_tmpfs, file_type;
 
 app_domain(tango_core)
 #from system/sepolicy/private/untrusted_app.te
diff --git a/sepolicy/vendor/timeservice_app.te b/sepolicy/vendor/timeservice_app.te
index c047793c..3b0888ba 100644
--- a/sepolicy/vendor/timeservice_app.te
+++ b/sepolicy/vendor/timeservice_app.te
@@ -1,4 +1,5 @@
 type timeservice_app, domain;
+type timeservice_app_tmpfs, file_type;
 app_domain(timeservice_app);
 
 allow timeservice_app app_api_service:service_manager find;
diff --git a/sepolicy/verizon/obdm_app.te b/sepolicy/verizon/obdm_app.te
index f24baad7..04e7e574 100644
--- a/sepolicy/verizon/obdm_app.te
+++ b/sepolicy/verizon/obdm_app.te
@@ -1,4 +1,5 @@
 type obdm_app, domain, coredomain;
+type obdm_app_tmpfs, file_type;
 
 app_domain(obdm_app)
 net_domain(obdm_app)