Merge "Add initial sepolicy for app data snapshots."

9e332a59 · Annie Meng · Gerrit Code Review · 2d86b650 · 2ad229c7 · 9e332a59
Commit 9e332a59 authored 6 years ago by Annie Meng Committed by Gerrit Code Review 6 years ago
--- a/private/file.te
+++ b/private/file.te
@@ -16,3 +16,7 @@ type debugfs_kcov, fs_type, debugfs_type;
 # App executable files in /data/data directories
 type app_exec_data_file, file_type, data_file_type, core_data_file_type;
 typealias app_exec_data_file alias rs_data_file;
+# /data/misc_[ce|de]/rollback : Used by installd to store snapshots
+# of application data.
+type rollback_data_file, file_type, data_file_type, core_data_file_type;
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -514,6 +514,10 @@
 # Bootchart data
 /data/bootchart(/.*)?		u:object_r:bootchart_data_file:s0
+# App data snapshots (managed by installd).
+/data/misc_de/[0-9]+/rollback(/.*)?       u:object_r:rollback_data_file:s0
+/data/misc_ce/[0-9]+/rollback(/.*)?       u:object_r:rollback_data_file:s0
 #############################
 # Expanded data files
 #

--- a/private/vold_prepare_subdirs.te
+++ b/private/vold_prepare_subdirs.te
@@ -17,6 +17,7 @@ allow vold_prepare_subdirs {
    face_vendor_data_file
    fingerprint_vendor_data_file
    iris_vendor_data_file
+    rollback_data_file
    storaged_data_file
    vold_data_file
 }:dir { create_dir_perms relabelto };
@@ -24,6 +25,7 @@ allow vold_prepare_subdirs {
    face_vendor_data_file
    fingerprint_vendor_data_file
    iris_vendor_data_file
+    rollback_data_file
    storaged_data_file
    system_data_file
    vold_data_file