On policy versions < 29, the type_names field of the constraint
expression is empty, so adding the /data/media type to the
mlstrustedobject attribute would have no effect. There's no way to tell
that a constraint applies to a particular attribute. This would prevent
apps from writing to /data/media on devices where it is labeled with a
type that doesn't exist in the policy (and thus, mbtool has to create
it).

This commit adds the ability to add the dynamically created type to
every constraint that applies to the expected /data/media type.
Fixes: #1396
Signed-off-by: Andrew Gunnerson <andrewgunnerson@gmail.com>