Start tracking vendor seapp coredomain violations (1)

As part of Treble, enforce that vendor's seapp_contexts can't label apps using coredomains. Apps installed to system/system_ext/product should be labeled with platform side sepolicy. This change marks violating domains that need to be fixed. Bug: 296512192 Test: build and see build log Change-Id: I755657e538ada8807313bd0063c880264e4b79be
2023-08-21 20:44:45 +09:00 · 2023-08-21 20:44:45 +09:00 · ee253beede
commit ee253beede
parent 74c39518b2
2 changed files with 6 additions and 0 deletions
--- a/camera/sepolicy/vendor_pbcs_app.te
+++ b/camera/sepolicy/vendor_pbcs_app.te
@ -1,5 +1,8 @@
 type vendor_pbcs_app, domain, coredomain;

+# TODO(b/296512192): move vendor_pbcs_app out of vendor sepolicy
+typeattribute vendor_pbcs_app vendor_seapp_assigns_coredomain_violators;
+
 app_domain(vendor_pbcs_app);

 dontaudit vendor_pbcs_app system_app_data_file:dir *;
--- a/camera/sepolicy/vendor_pcs_app.te
+++ b/camera/sepolicy/vendor_pcs_app.te
@ -1,5 +1,8 @@
 type vendor_pcs_app, domain, coredomain;

+# TODO(b/296512192): move vendor_pcs_app out of vendor sepolicy
+typeattribute vendor_pcs_app vendor_seapp_assigns_coredomain_violators;
+
 app_domain(vendor_pcs_app);

 allow vendor_pcs_app {