Apply SELinux labels to the persist filesystem.
Presently, the persist filesystem remains
unlabeled when mounted. This patch defines
types and file_context entries to label the
persist filesystem, and applies a recursive
restorecon to /persist.
Depends on Ia7fbcc82645baf52c6bff0490d3492f458881cbb.
Change-Id: I48eaa2b9901ac8c978192c14493ba1058a089423
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
diff --git a/init.mako.rc b/init.mako.rc
index 3f47ff1..8bf7290 100644
--- a/init.mako.rc
+++ b/init.mako.rc
@@ -48,6 +48,7 @@
on fs
mount_all ./fstab.mako
+ restorecon_recursive /persist
setprop ro.crypto.fuse_sdcard true
write /sys/kernel/boot_adsp/boot 1
diff --git a/sepolicy/file.te b/sepolicy/file.te
index 0d72636..9edbe8b 100644
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@@ -7,3 +7,10 @@
# Default type for anything under /firmware
type radio_efs_file, fs_type;
+
+# Persist firmware types
+type persist_file, file_type;
+type persist_bluetooth_file, file_type;
+type persist_drm_file, file_type;
+type persist_sensors_file, file_type;
+type persist_wifi_file, file_type;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index ef060bc..83b686d 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -90,3 +90,11 @@
/system/bin/mm-qcamera-daemon u:object_r:camera_exec:s0
/system/bin/qseecomd u:object_r:tee_exec:s0
/system/bin/conn_init u:object_r:conn_init_exec:s0
+
+# Persist firmware filesystem
+/persist(/.*)? u:object_r:persist_file:s0
+/persist/bluetooth(/.*)? u:object_r:persist_bluetooth_file:s0
+/persist/sensors(/.*)? u:object_r:persist_sensors_file:s0
+/persist/playready(/.*)? u:object_r:persist_drm_file:s0
+/persist/widevine(/.*)? u:object_r:persist_drm_file:s0
+/persist/wifi(/.*)? u:object_r:persist_wifi_file:s0
