rfs_access: Limit and specify tombstone_rfs_vendor_data_file label for rfs_access

am: fe77ce7472 Change-Id: I687740045eb1f138d539c01e7c13f9c84173b993
2026-02-01 07:50:47 +00:00 · 2018-12-22 02:16:53 -08:00
parent 4784c2a4bc fe77ce7472
commit 866d206666
3 changed files with 5 additions and 5 deletions
--- a/sepolicy/vendor/file.te
+++ b/sepolicy/vendor/file.te
@@ -79,8 +79,8 @@ type sensors_vendor_data_file, file_type, data_file_type;
 type audio_vendor_data_file, file_type, data_file_type;
 type mediadrm_vendor_data_file, file_type, data_file_type;

-# Tombstone vendor data
-type tombstone_vendor_data_file, file_type, data_file_type;
+# Tombstone RFS vendor data
+type tombstone_rfs_vendor_data_file, file_type, data_file_type;

 #diag sysfs files
 type sysfs_diag, fs_type, sysfs_type;
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@@ -256,7 +256,7 @@
 /data/vendor/sensors(/.*)?             u:object_r:sensors_vendor_data_file:s0
 /data/vendor/audio(/.*)?               u:object_r:audio_vendor_data_file:s0
 /data/vendor/mediadrm(/.*)?            u:object_r:mediadrm_vendor_data_file:s0
-/data/vendor/tombstones(/.*)?          u:object_r:tombstone_vendor_data_file:s0
+/data/vendor/tombstones/rfs(/.*)?      u:object_r:tombstone_rfs_vendor_data_file:s0
 /data/vendor_ce/[0-9]+/ramoops(/.*)?   u:object_r:ramoops_vendor_data_file:s0

 # /
--- a/sepolicy/vendor/rfs_access.te
+++ b/sepolicy/vendor/rfs_access.te
@@ -18,5 +18,5 @@ allow rfs_access persist_rfs_file:file create_file_perms;
 allow rfs_access self:socket create_socket_perms_no_ioctl;

 # For ramdump entries in /data/vendor/tombstones
-allow rfs_access tombstone_vendor_data_file:dir create_dir_perms;
-allow rfs_access tombstone_vendor_data_file:file create_file_perms;
+allow rfs_access tombstone_rfs_vendor_data_file:dir create_dir_perms;
+allow rfs_access tombstone_rfs_vendor_data_file:file create_file_perms;