I am working on Android 9 AOSP. When I add a permission in my untrusted_app.te (located in system/sepolicy/private/untrusted_app.te), my build fails.
Error:
system/sepolicy/private/untrusted_app.te:27:ERROR 'unknown type xyz_block_device' at token ';' on line....
The permission that I am adding is
allow untrusted_app xyz_block_device:blk_file { read write };
in file system/sepolicy/private/untrusted_app.te
Can anyone please guide me where to define xyz_block_device, thanks!
The reason that you see the error is that xyz_block_device is not defined. For this you need to go to the file_contexts and define your xyz_block_device like this:
and then you can add your rule to untrusted_app.te.
Note: I have to mention that changing the system SEPolicy is neither recommended nor safe; it is better to add a file named untrusted_app.te to your target tree (/device/vendor/model).
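An added example, not code from either post or from AOSP: a small pre-build check that lists every type referenced in a rule or a file_contexts label without a `type` declaration in any .te file, which is the condition behind the "unknown type" error above. The file name device.te, the path /dev/block/xyz and the PLATFORM set are assumptions made for the sample, and the parser assumes one rule per line.

```python
import re

DECL = re.compile(r"^\s*(?:type|attribute)\s+(\w+)")
RULE = re.compile(r"^\s*(?:allow|auditallow|dontaudit|neverallow)\s+"
                  r"(\{[^}]*\}|\S+)\s+(\{[^}]*\}|[^\s:]+)\s*:")
LABEL = re.compile(r"\bu:object_r:(\w+):s0")

def _names(field):
    """'{ a b -c }' or 'a' -> ['a', 'b', 'c'] (braces and exclusion marks removed)."""
    return [n.lstrip("-~") for n in field.strip("{}").split()]

def undeclared_types(sources, platform_types=()):
    """Return sorted (file, line_no, type) for each type referenced but never declared."""
    declared = set(platform_types) | {"self"}
    for name, text in sources.items():
        if name.endswith(".te"):  # only .te files can declare types
            declared.update(m.group(1) for line in text.splitlines()
                            if (m := DECL.match(line.split("#")[0])))
    missing = set()
    for name, text in sources.items():
        for no, raw in enumerate(text.splitlines(), 1):
            line = raw.split("#")[0]  # drop comments
            if name.endswith(".te"):
                m = RULE.match(line)
                used = _names(m.group(1)) + _names(m.group(2)) if m else []
            else:  # anything else is read as a file_contexts-style label list
                used = LABEL.findall(line)
            missing.update((name, no, t) for t in used if t not in declared and t != "*")
    return sorted(missing)

# Constructed sample input: the question's rule plus hypothetical device-tree files.
PLATFORM = {"untrusted_app", "dev_type"}  # assumed to be declared by system/sepolicy
QUESTION = {"untrusted_app.te":
            "allow untrusted_app xyz_block_device:blk_file { read write };\n"}
FIXED = {**QUESTION,
         "device.te": "type xyz_block_device, dev_type;\n",
         "file_contexts": "/dev/block/xyz  u:object_r:xyz_block_device:s0\n"}

if __name__ == "__main__":
    print(undeclared_types(QUESTION, PLATFORM))
    print(undeclared_types(FIXED, PLATFORM))
```

Declaring the type clears the "unknown type" error only; AOSP's app policy also carries a neverallow on appdomain read/write access to dev_type block files, so the rule itself can still be rejected by the neverallow check.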