SELinux policies for /data/preloads directory am: 49ac2a3d

am: 72f0fbb2 * commit '72f0fbb2': SELinux policies for /data/preloads directory Change-Id: I0eb0aacd3bd5134077ef2bfbc9e5f418044043ab

SELinux policies for /data/preloads directory am: 49ac2a3d
6107d75c · Fyodor Kupolov · android-build-merger · ccf9131c · 72f0fbb2 · 6107d75c
Commit 6107d75c authored 9 years ago by Fyodor Kupolov Committed by android-build-merger 9 years ago
--- a/file.te
+++ b/file.te
@@ -107,6 +107,8 @@ type heapdump_data_file, file_type, data_file_type, mlstrustedobject;
 type nativetest_data_file, file_type, data_file_type;
 # /data/system_de/0/ringtones
 type ringtone_file, file_type, data_file_type, mlstrustedobject;
+# /data/preloads
+type preloads_data_file, file_type, data_file_type;

 # Mount locations managed by vold
 type mnt_media_rw_file, file_type;

--- a/file_contexts
+++ b/file_contexts
@@ -253,6 +253,7 @@
 /data/mediadrm(/.*)?	u:object_r:media_data_file:s0
 /data/nativetest(/.*)?	u:object_r:nativetest_data_file:s0
 /data/property(/.*)?	u:object_r:property_data_file:s0
+/data/preloads(/.*)?	u:object_r:preloads_data_file:s0

 # Misc data
 /data/misc/adb(/.*)?            u:object_r:adb_keys_file:s0

--- a/platform_app.te
+++ b/platform_app.te
@@ -51,3 +51,7 @@ allow platform_app surfaceflinger_service:service_manager find;
 allow platform_app app_api_service:service_manager find;
 allow platform_app system_api_service:service_manager find;
 allow platform_app vr_manager_service:service_manager find;
+
+# Access to /data/preloads
+allow platform_app preloads_data_file:file r_file_perms;
+allow platform_app preloads_data_file:dir r_dir_perms;
--- a/priv_app.te
+++ b/priv_app.te
@@ -92,6 +92,10 @@ allow priv_app update_engine_service:service_manager find;
 # Allow Phone to read/write cached ringtones (opened by system).
 allow priv_app ringtone_file:file { getattr read write };

+# Access to /data/preloads
+allow priv_app preloads_data_file:file r_file_perms;
+allow priv_app preloads_data_file:dir r_dir_perms;
+
 ###
 ### neverallow rules
 ###

--- a/system_server.te
+++ b/system_server.te
@@ -522,6 +522,10 @@ allow system_server postinstall:fifo_file write;
 allow system_server update_engine:fd use;
 allow system_server update_engine:fifo_file write;

+# Access to /data/preloads
+allow system_server preloads_data_file:file { r_file_perms unlink };
+allow system_server preloads_data_file:dir { r_dir_perms write remove_name };
+
 ###
 ### Neverallow rules
 ###