From adfc5db008f3d256c66ea0f913df0f094bf72bc9 Mon Sep 17 00:00:00 2001
From: Abodunrinwa Toki <toki@google.com>
Date: Wed, 26 Apr 2017 21:20:20 +0100
Subject: [PATCH] SELinux configuration for TextClassifier model updates.

Test: bit FrameworksCoreTests:android.view.textclassifier.TextClassificationManagerTest
Bug: 34780396
Change-Id: I8b98fef913df571e55474ea2529f71750874941c
---
 private/app.te           | 3 +++
 private/file_contexts    | 1 +
 private/system_server.te | 4 ++++
 public/file.te           | 1 +
 4 files changed, 9 insertions(+)

diff --git a/private/app.te b/private/app.te
index a9d89649e..d44cc889b 100644
--- a/private/app.te
+++ b/private/app.te
@@ -84,6 +84,9 @@ r_dir_file(appdomain, keychain_data_file)
 allow appdomain misc_user_data_file:dir r_dir_perms;
 allow appdomain misc_user_data_file:file r_file_perms;
 
+# TextClassifier
+r_dir_file({ appdomain -isolated_app }, textclassifier_data_file)
+
 # Access to OEM provided data and apps
 allow appdomain oemfs:dir r_dir_perms;
 allow appdomain oemfs:file rx_file_perms;
diff --git a/private/file_contexts b/private/file_contexts
index 81b0aae1d..2879265e2 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -364,6 +364,7 @@
 /data/misc/shared_relro(/.*)?   u:object_r:shared_relro_file:s0
 /data/misc/sms(/.*)?            u:object_r:radio_data_file:s0
 /data/misc/systemkeys(/.*)?     u:object_r:systemkeys_data_file:s0
+/data/misc/textclassifier(/.*)?       u:object_r:textclassifier_data_file:s0
 /data/misc/user(/.*)?           u:object_r:misc_user_data_file:s0
 /data/misc/vpn(/.*)?            u:object_r:vpn_data_file:s0
 /data/misc/wifi(/.*)?           u:object_r:wifi_data_file:s0
diff --git a/private/system_server.te b/private/system_server.te
index c4d17ef99..2ffdf35d2 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -347,6 +347,10 @@ allow system_server radio_data_file:file create_file_perms;
 allow system_server systemkeys_data_file:dir create_dir_perms;
 allow system_server systemkeys_data_file:file create_file_perms;
 
+# Manage /data/misc/textclassifier.
+allow system_server textclassifier_data_file:dir create_dir_perms;
+allow system_server textclassifier_data_file:file create_file_perms;
+
 # Access /data/tombstones.
 allow system_server tombstone_data_file:dir r_dir_perms;
 allow system_server tombstone_data_file:file r_file_perms;
diff --git a/public/file.te b/public/file.te
index eacfc2cfd..7cb7c3678 100644
--- a/public/file.te
+++ b/public/file.te
@@ -200,6 +200,7 @@ type reboot_data_file, file_type, data_file_type, core_data_file_type;
 type recovery_data_file, file_type, data_file_type, core_data_file_type;
 type shared_relro_file, file_type, data_file_type, core_data_file_type;
 type systemkeys_data_file, file_type, data_file_type, core_data_file_type;
+type textclassifier_data_file, file_type, data_file_type, core_data_file_type;
 type vpn_data_file, file_type, data_file_type, core_data_file_type;
 type wifi_data_file, file_type, data_file_type, core_data_file_type;
 type zoneinfo_data_file, file_type, data_file_type, core_data_file_type;
-- 
GitLab