[coral-sepolicy] define vendor_incremental_module
BUG: 150882666
Test: atest PackageManagerShellCommandIncrementalTest
Change-Id: I0d63b5a1d0501c5f0cfbb29d5b8e8310a1a7eb53
diff --git a/vendor/google/file.te b/vendor/google/file.te
index 31047f8..8ce4d9a 100644
--- a/vendor/google/file.te
+++ b/vendor/google/file.te
@@ -82,3 +82,6 @@
# wifi_sniffer
type sysfs_wifi_conmode, sysfs_type, fs_type;
+
+# Incremental file system driver
+type vendor_incremental_module, vendor_file_type, file_type;
diff --git a/vendor/google/file_contexts b/vendor/google/file_contexts
index bab536c..381a16b 100644
--- a/vendor/google/file_contexts
+++ b/vendor/google/file_contexts
@@ -72,6 +72,9 @@
/mnt/vendor/persist/battery(/.*)? u:object_r:persist_battery_file:s0
/mnt/vendor/persist/oslo(/.*)? u:object_r:persist_oslo_file:s0
+# Incremental file system driver
+/vendor/lib/modules/incrementalfs\.ko u:object_r:vendor_incremental_module:s0
+
# data files
/data/vendor/hardware/airbrush/manager(/.*)? u:object_r:airbrush_data_file:s0
/data/vendor/modem_stat/debug\.txt u:object_r:modem_stat_data_file:s0
diff --git a/vendor/google/vold.te b/vendor/google/vold.te
new file mode 100644
index 0000000..f7b7e26
--- /dev/null
+++ b/vendor/google/vold.te
@@ -0,0 +1,4 @@
+# Allow to load incremental file system driver
+allow vold self:capability sys_module;
+allow vold vendor_incremental_module:file r_file_perms;
+allow vold vendor_incremental_module:system module_load;
