From 49ac2a3d7a40d998e3b1be0b0172be8f651bc935 Mon Sep 17 00:00:00 2001
From: Fyodor Kupolov <fkupolov@google.com>
Date: Fri, 20 May 2016 11:08:45 -0700
Subject: [PATCH] SELinux policies for /data/preloads directory

A new directory is created in user data partition that contains preloaded
content such as a retail mode demo video and pre-loaded APKs.

The new directory is writable/deletable by system server. It is readable
(including directory listing) only by privileged or platform apps.

Bug: 28855287
Change-Id: I3816cd3a1ed5b9a030965698a66265057214f037
---
 file.te          | 2 ++
 file_contexts    | 1 +
 platform_app.te  | 4 ++++
 priv_app.te      | 4 ++++
 system_server.te | 4 ++++
 5 files changed, 15 insertions(+)

diff --git a/file.te b/file.te
index 8b525daac..ce9eff9f8 100644
--- a/file.te
+++ b/file.te
@@ -110,6 +110,8 @@ type heapdump_data_file, file_type, data_file_type, mlstrustedobject;
 type nativetest_data_file, file_type, data_file_type;
 # /data/system_de/0/ringtones
 type ringtone_file, file_type, data_file_type, mlstrustedobject;
+# /data/preloads
+type preloads_data_file, file_type, data_file_type;
 
 # Mount locations managed by vold
 type mnt_media_rw_file, file_type;
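Review bot: Nothing in this patch enforces the "only privileged or platform apps" restriction from the commit message. The new `preloads_data_file` type carries the `data_file_type` attribute, so any existing rule written against that attribute (none are visible in this hunk) also applies to it, and allow rules are purely additive. Consider pinning the intent with a neverallow next to the new allow rules, for example `neverallow { appdomain -platform_app -priv_app } preloads_data_file:file no_rw_file_perms;`, with the exclusion set adjusted to what the build actually needs. The `# /data/preloads` comment could also name the intended readers and the single writer, so a later change that widens access stands out in review.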
diff --git a/file_contexts b/file_contexts
index c4f8f6a4b..062b92937 100644
--- a/file_contexts
+++ b/file_contexts
@@ -260,6 +260,7 @@
 /data/mediadrm(/.*)?	u:object_r:media_data_file:s0
 /data/nativetest(/.*)?	u:object_r:nativetest_data_file:s0
 /data/property(/.*)?	u:object_r:property_data_file:s0
+/data/preloads(/.*)?	u:object_r:preloads_data_file:s0
 
 # Misc data
 /data/misc/adb(/.*)?            u:object_r:adb_keys_file:s0
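Review bot: The added `/data/preloads(/.*)?` entry only takes effect if the directory is created or relabelled with this context, and nothing in the patch shows who creates it. If the creating component (presumably an init script or system_server, not visible here) does not apply the label, the tree inherits its parent's type. The new allow rules would then never match, and access would fall back to whatever is permitted on the parent type. Worth confirming in the companion change. As a minor point, the entry sits after `/data/property` although the neighbouring lines are roughly alphabetical.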
diff --git a/platform_app.te b/platform_app.te
index 8ac79327e..0d3bdba1c 100644
--- a/platform_app.te
+++ b/platform_app.te
@@ -51,3 +51,7 @@ allow platform_app surfaceflinger_service:service_manager find;
 allow platform_app app_api_service:service_manager find;
 allow platform_app system_api_service:service_manager find;
 allow platform_app vr_manager_service:service_manager find;
+
+# Access to /data/preloads
+allow platform_app preloads_data_file:file r_file_perms;
+allow platform_app preloads_data_file:dir r_dir_perms;
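Review bot: The comment `# Access to /data/preloads` does not say that the grant is read-only, and the same wording is repeated in the priv_app.te hunk. Something like `# Read-only access to preloaded content in /data/preloads; only system_server may delete it.` would make the least-privilege intent explicit in both places. Since the directory is described as holding pre-loaded APKs, it is also worth stating that execute is deliberately not granted, so a later request to add it gets reviewed as a policy change rather than a fix.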
diff --git a/priv_app.te b/priv_app.te
index 58016195a..d380a67a2 100644
--- a/priv_app.te
+++ b/priv_app.te
@@ -92,6 +92,10 @@ allow priv_app update_engine_service:service_manager find;
 # Allow Phone to read/write cached ringtones (opened by system).
 allow priv_app ringtone_file:file { getattr read write };
 
+# Access to /data/preloads
+allow priv_app preloads_data_file:file r_file_perms;
+allow priv_app preloads_data_file:dir r_dir_perms;
+
 ###
 ### neverallow rules
 ###
diff --git a/system_server.te b/system_server.te
index 6b2fa7e0c..b205c2429 100644
--- a/system_server.te
+++ b/system_server.te
@@ -529,6 +529,10 @@ allow system_server postinstall:fifo_file write;
 allow system_server update_engine:fd use;
 allow system_server update_engine:fifo_file write;
 
+# Access to /data/preloads
+allow system_server preloads_data_file:file { r_file_perms unlink };
+allow system_server preloads_data_file:dir { r_dir_perms write remove_name };
+
 ###
 ### Neverallow rules
 ###
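Review bot: The two added system_server rules are narrower than the commit message's "writable/deletable". Files can be read and unlinked but not created or modified, and the `dir` rule has `write remove_name` but no `rmdir`. Because file_contexts labels everything under `/data/preloads(/.*)?` with this type, removing a nested subdirectory would be denied. If subdirectories are expected, the rule would need to be `allow system_server preloads_data_file:dir { r_dir_perms write remove_name rmdir };`. Leaving out create/write is sound least privilege if another domain populates the directory (not shown in this patch). The comment should say so, e.g. `# Read and delete preloaded content; system_server does not create or modify it.`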
-- 
GitLab