Use label persist_ss_file

The label "persist_ss_file" was created for "/mnt/vendor/persist/ss(/.*)?". But we erroneously didn't assign the label to the path. This patch fixes the error. Bug: 173971240 Bug: 173032298 Test: Trusty storage tests Change-Id: I8e891ebd90ae47ab8a4aad1c2b0a3bbb734174d8
2021-06-15 17:24:01 -07:00 · 2021-06-15 17:24:01 -07:00 · dc0cdc36f3
commit dc0cdc36f3
parent 10e8126e2d
2 changed files with 2 additions and 1 deletions
--- a/whitechapel/vendor/google/file_contexts
+++ b/whitechapel/vendor/google/file_contexts
@ -335,7 +335,7 @@
 /vendor/bin/hw/android\.hardware\.confirmationui@1\.0-service\.trusty\.vendor    u:object_r:hal_confirmationui_default_exec:s0
 /dev/trusty-ipc-dev0                 u:object_r:tee_device:s0
 /data/vendor/ss(/.*)?                u:object_r:tee_data_file:s0
-/mnt/vendor/persist/ss(/.*)?         u:object_r:tee_data_file:s0
+/mnt/vendor/persist/ss(/.*)?         u:object_r:persist_ss_file:s0
 /dev/sg1                             u:object_r:sg_device:s0
 /dev/trusty-log0                     u:object_r:logbuffer_device:s0

--- a/whitechapel/vendor/google/storageproxyd.te
+++ b/whitechapel/vendor/google/storageproxyd.te
@ -1,6 +1,7 @@
 type sg_device, dev_type;
 type persist_ss_file, file_type, vendor_persist_type;

+allow tee persist_ss_file:file rw_file_perms;
 allow tee persist_ss_file:dir r_dir_perms;
 allow tee persist_file:dir r_dir_perms;
 allow tee mnt_vendor_file:dir r_dir_perms;