Change priv-apps /data/data labels to privapp_data_file

Currently, both untrusted apps and priv-apps use the SELinux file label "app_data_file" for files in their /data/data directory. This is problematic, as we really want different rules for such files. For example, we may want to allow untrusted apps to load executable code from priv-app directories, but disallow untrusted apps from loading executable code from their own home directories. Commit 23c9d91b introduced a new type called privapp_data_file and added rules necessary to preserve compatibility. However, that change did not relabel any existing files, so effectively the change was a no-op. This change performs the switch, relabeling priv-app's /data/data files from app_data_file to privapp_data_file. Due to the compatibility rules added in 23c9d91b, there should be no noticeable effect from this change. This change was originally submitted as 4df57822. However, it was reverted in cdc6649a due to a different labeling bug. That bug has been fixed, and we can reapply this change. Test: Factory reset and boot - no problems on fresh install. Test: Upgrade to new version and test. No compatibility problems on filesystem upgrade. Bug: 112357170

Change priv-apps /data/data labels to privapp_data_file
Currently, both untrusted apps and priv-apps use the SELinux file label "app_data_file" for files in their /data/data directory. This is problematic, as we really want different rules for such files. For example, we may want to allow untrusted apps to load executable code from priv-app directories, but disallow untrusted apps from loading executable code from their own home directories. Commit 23c9d91b introduced a new type called privapp_data_file and added rules necessary to preserve compatibility. However, that change did not relabel any existing files, so effectively the change was a no-op. This change performs the switch, relabeling priv-app's /data/data files from app_data_file to privapp_data_file. Due to the compatibility rules added in 23c9d91b, there should be no noticeable effect from this change. This change was originally submitted as 4df57822. However, it was reverted in cdc6649a due to a different labeling bug. That bug has been fixed, and we can reapply this change. Test: Factory reset and boot - no problems on fresh install. Test: Upgrade to new version and test. No compatibility problems on filesystem upgrade. Bug: 112357170
5d175519 · Nick Kralevich · 9e6c78f7 · 5d175519
Commit 5d175519 authored 6 years ago by Nick Kralevich
--- a/private/seapp_contexts
+++ b/private/seapp_contexts
@@ -112,7 +112,7 @@ user=_isolated domain=isolated_app levelFrom=all
 user=_app seinfo=media domain=mediaprovider name=android.process.media type=app_data_file levelFrom=user
 user=_app seinfo=platform domain=platform_app type=app_data_file levelFrom=user
 user=_app isV2App=true isEphemeralApp=true domain=ephemeral_app type=app_data_file levelFrom=all
-user=_app isPrivApp=true domain=priv_app type=app_data_file levelFrom=user
+user=_app isPrivApp=true domain=priv_app type=privapp_data_file levelFrom=user
 user=_app minTargetSdkVersion=28 domain=untrusted_app type=app_data_file levelFrom=all
 user=_app minTargetSdkVersion=26 domain=untrusted_app_27 type=app_data_file levelFrom=user
 user=_app domain=untrusted_app_25 type=app_data_file levelFrom=user