From 085c16914cc27f8b23927ca5756f74239f102859 Mon Sep 17 00:00:00 2001
From: Makoto Onuki <omakoto@google.com>
Date: Tue, 8 Mar 2016 15:06:44 -0800
Subject: [PATCH] Allow "shortcut manager" icons to be returned to apps

... and client apps to read them.

A full path looks like this:
/data/system_ce/[user-id]/shortcut_service/bitmaps/[creator-app-package]/[timestamp].png

System server will:
- Create/delete the directories.
- Write/remove PNG files in them.
- Open the PNG files and return file descriptors to client apps

Client apps will:
- Receive file descriptors and read from them.

Bug 27548047

Change-Id: I3d9ac6ab0c92b2953b84c3c5aabe1f653e6bea6b
---
 app.te           | 3 +++
 file.te          | 2 ++
 file_contexts    | 4 ++++
 system_server.te | 6 ++++++
 4 files changed, 15 insertions(+)

diff --git a/app.te b/app.te
index 8b8eed954..3c0a88b94 100644
--- a/app.te
+++ b/app.te
@@ -104,6 +104,9 @@ allow appdomain wallpaper_file:file { getattr read write };
 # Read/write cached ringtones (opened by system).
 allow appdomain ringtone_file:file { getattr read write };
 
+# Read ShortcutManager icon files (opened by system).
+allow appdomain shortcut_manager_icons:file { getattr read };
+
 # Write to /data/anr/traces.txt.
 allow appdomain anr_data_file:dir search;
 allow appdomain anr_data_file:file { open append };
diff --git a/file.te b/file.te
index 876ff36a6..6f32aeb50 100644
--- a/file.te
+++ b/file.te
@@ -168,6 +168,8 @@ type cache_recovery_file, file_type, mlstrustedobject;
 type efs_file, file_type;
 # Type for wallpaper file.
 type wallpaper_file, file_type, data_file_type, mlstrustedobject;
+# Type for shortcut manager icon file.
+type shortcut_manager_icons, file_type, data_file_type, mlstrustedobject;
 # /mnt/asec
 type asec_apk_file, file_type, data_file_type, mlstrustedobject;
 # Elements of asec files (/mnt/asec) that are world readable
diff --git a/file_contexts b/file_contexts
index 543391dab..a3cebbf47 100644
--- a/file_contexts
+++ b/file_contexts
@@ -330,6 +330,10 @@
 # Ringtone files
 /data/system_de/[0-9]+/ringtones(/.*)?          u:object_r:ringtone_file:s0
 
+# ShortcutManager icons, e.g.
+#   /data/system_ce/0/shortcut_service/bitmaps/com.example.app/1457472879282.png
+/data/system_ce/[0-9]+/shortcut_service/bitmaps(/.*)? u:object_r:shortcut_manager_icons:s0
+
 #############################
 # efs files
 #
diff --git a/system_server.te b/system_server.te
index 7602ec675..c8364e25d 100644
--- a/system_server.te
+++ b/system_server.te
@@ -300,6 +300,12 @@ allow system_server system_data_file:file relabelfrom;
 allow system_server wallpaper_file:file relabelto;
 allow system_server wallpaper_file:file { rw_file_perms unlink };
 
+
+# ShortcutManager icons
+allow system_server system_data_file:dir relabelfrom;
+allow system_server shortcut_manager_icons:dir { create_dir_perms relabelto };
+allow system_server shortcut_manager_icons:file create_file_perms;
+
 # Manage ringtones.
 allow system_server ringtone_file:dir { create_dir_perms relabelto };
 allow system_server ringtone_file:file create_file_perms;
-- 
GitLab