Skip to content
Snippets Groups Projects
Commit 2ad229c7 authored by Narayan Kamath's avatar Narayan Kamath
Browse files

Add initial sepolicy for app data snapshots.

Define a rollback_data_file label and apply it to the snapshots
directory. This change contains just enough detail to allow
vold_prepare_subdirs to prepare these directories correctly.

A follow up change will flesh out the access policy on these
directories in more detail.

Test: make, manual
Bug: 112431924

Change-Id: I4fa7187d9558697016af4918df6e34aac1957176
parent 6d53efcf
No related branches found
No related tags found
No related merge requests found
......@@ -16,3 +16,7 @@ type debugfs_kcov, fs_type, debugfs_type;
# App executable files in /data/data directories
type app_exec_data_file, file_type, data_file_type, core_data_file_type;
typealias app_exec_data_file alias rs_data_file;
# /data/misc_[ce|de]/rollback : Used by installd to store snapshots
# of application data.
type rollback_data_file, file_type, data_file_type, core_data_file_type;
......@@ -514,6 +514,10 @@
# Bootchart data
/data/bootchart(/.*)? u:object_r:bootchart_data_file:s0
# App data snapshots (managed by installd).
/data/misc_de/[0-9]+/rollback(/.*)? u:object_r:rollback_data_file:s0
/data/misc_ce/[0-9]+/rollback(/.*)? u:object_r:rollback_data_file:s0
#############################
# Expanded data files
#
......
......@@ -17,6 +17,7 @@ allow vold_prepare_subdirs {
face_vendor_data_file
fingerprint_vendor_data_file
iris_vendor_data_file
rollback_data_file
storaged_data_file
vold_data_file
}:dir { create_dir_perms relabelto };
......@@ -24,6 +25,7 @@ allow vold_prepare_subdirs {
face_vendor_data_file
fingerprint_vendor_data_file
iris_vendor_data_file
rollback_data_file
storaged_data_file
system_data_file
vold_data_file
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment