From 282dbf7bbbe1d5541c769038e2800ee9dd3eda21 Mon Sep 17 00:00:00 2001
From: Tri Vo <trong@google.com>
Date: Wed, 20 Dec 2017 15:38:35 -0800
Subject: [PATCH] Introduce system_executes_vendor_violators attribute.

We use this attribute to annotate coredomains that execute vendor code
in a Treble-violating way.

Bug: 62041836
Test: sepolicy builds
Change-Id: Ie6052209b3901eaad8496b8fc9681421d7ee3c1c
---
 public/attributes | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/public/attributes b/public/attributes
index c25f1ebc8..2a8a40ada 100644
--- a/public/attributes
+++ b/public/attributes
@@ -154,6 +154,12 @@ expandattribute vendor_executes_system_violators false;
 attribute data_between_core_and_vendor_violators;
 expandattribute data_between_core_and_vendor_violators false;
 
+# All system domains which violate the requirement of not executing vendor
+# binaries/libraries.
+# TODO(b/62041836)
+attribute system_executes_vendor_violators;
+expandattribute system_executes_vendor_violators false;
+
 # hwservices that are accessible from untrusted applications
 # WARNING: Use of this attribute should be avoided unless
 # absolutely necessary.  It is a temporary allowance to aid the