From b8104a47dd361050c9ebadcbeabf515a29cf94e4 Mon Sep 17 00:00:00 2001
From: Christopher Tate <ctate@google.com>
Date: Thu, 28 Jan 2016 11:30:41 -0800
Subject: [PATCH] Move staged backup content to a specific cache subdir

Also narrowly specify the domain for the local transport's bookkeeping.

Bug 26834865

Change-Id: I2eea8a10f29356ffecabd8e102f7afa90123c535
---
 domain.te        |  2 +-
 file.te          |  5 +++--
 file_contexts    |  9 +++++----
 system_server.te | 12 +++++-------
 4 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/domain.te b/domain.te
index 80d2328d1..708142823 100644
--- a/domain.te
+++ b/domain.te
@@ -270,7 +270,7 @@ neverallow {
     -recovery # for /tmp/update_binary in tmpfs
 } { fs_type -rootfs }:file execute;
 # Files from cache should never be executed
-neverallow domain { cache_file cache_backup_file cache_recovery_file }:file execute;
+neverallow domain { cache_file cache_backup_file cache_private_backup_file cache_recovery_file }:file execute;
 
 # Protect most domains from executing arbitrary content from /data.
 neverallow {
diff --git a/file.te b/file.te
index 0c5593da9..25c4c0660 100644
--- a/file.te
+++ b/file.te
@@ -145,9 +145,10 @@ typealias app_data_file alias platform_app_data_file;
 typealias app_data_file alias download_file;
 # Default type for anything under /cache
 type cache_file, file_type, mlstrustedobject;
-# Type for /cache/.*\.{data|restore} and default
-# type for anything under /cache/backup
+# Type for /cache/backup_stage/* (fd interchange with apps)
 type cache_backup_file, file_type, mlstrustedobject;
+# type for anything under /cache/backup (local transport storage)
+type cache_private_backup_file, file_type;
 # Type for anything under /cache/recovery
 type cache_recovery_file, file_type, mlstrustedobject;
 # Default type for anything under /efs
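Review bot: The new `cache_private_backup_file` type is declared without `mlstrustedobject`, unlike the three neighbouring cache types, and the comment added for it does not say that this is deliberate; since the whole point of the split is that the local transport's storage is no longer an app-facing interchange area, record the intent so a later cleanup does not "fix" it, e.g. `# Type for anything under /cache/backup (local transport storage); deliberately not mlstrustedobject`. The same comment also starts with lowercase `type for` while the surrounding entries use `Type for`.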
diff --git a/file_contexts b/file_contexts
index 55212d4a7..f2927801a 100644
--- a/file_contexts
+++ b/file_contexts
@@ -319,11 +319,12 @@
 # Cache files
 #
 /cache(/.*)?		u:object_r:cache_file:s0
-/cache/.*\.data	u:object_r:cache_backup_file:s0
-/cache/.*\.restore	u:object_r:cache_backup_file:s0
-# LocalTransport (backup) uses this directory
-/cache/backup(/.*)?	u:object_r:cache_backup_file:s0
 /cache/recovery(/.*)?	u:object_r:cache_recovery_file:s0
+# General backup/restore interchange with apps
+/cache/backup_stage(/.*)?	u:object_r:cache_backup_file:s0
+# LocalTransport (backup) uses this subtree
+/cache/backup(/.*)?		u:object_r:cache_private_backup_file:s0
+
 #############################
 # sysfs files
 #
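Review bot: The blank line added at the end of the hunk, just before the `#############################` banner, is the only whitespace-only change in the patch and does not match the layout the hunk otherwise shows, where `/cache/recovery(/.*)?` previously ran straight into the banner; drop it unless other sections of file_contexts are separated the same way. The two new entries themselves do not overlap: `/cache/backup(/.*)?` is anchored and its optional group requires a `/` after `backup`, so it cannot match `/cache/backup_stage/...` regardless of ordering.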
diff --git a/system_server.te b/system_server.te
index 979dd0caf..2bb21a37b 100644
--- a/system_server.te
+++ b/system_server.te
@@ -337,14 +337,12 @@ allow system_server { appdomain autoplay_app }:{ fifo_file unix_stream_socket }
 # Allow abstract socket connection
 allow system_server rild:unix_stream_socket connectto;
 
-# BackupManagerService lets PMS create a data backup file
+# BackupManagerService needs to manipulate backup data files
+allow system_server cache_backup_file:dir rw_dir_perms;
 allow system_server cache_backup_file:file create_file_perms;
-# Relabel /data/backup
-allow system_server backup_data_file:dir { relabelto relabelfrom };
-# Relabel /cache/.*\.{data|restore}
-allow system_server cache_backup_file:file { relabelto relabelfrom };
-# LocalTransport creates and relabels /cache/backup
-allow system_server cache_backup_file:dir { relabelto relabelfrom create_dir_perms };
+# LocalTransport works inside /cache/backup
+allow system_server cache_private_backup_file:dir create_dir_perms;
+allow system_server cache_private_backup_file:file create_file_perms;
 
 # Allow system to talk to usb device
 allow system_server usb_device:chr_file rw_file_perms;
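Review bot: Neither new directory can be created by system_server with what is granted here: `cache_backup_file:dir rw_dir_perms` carries no `create`, and creating `/cache/backup` itself would need write access on `cache_file:dir` plus some way to obtain the `cache_private_backup_file` label, yet the former `relabelto relabelfrom` on `cache_backup_file:dir` that the old comment tied to LocalTransport creating and relabeling `/cache/backup` is removed. The change therefore appears to rely on init creating and labeling both `/cache/backup_stage` and `/cache/backup` (presumably via `mkdir` lines in init.rc, which are not part of this patch) before BackupManagerService touches them; confirm those exist and state the dependency in the comment, e.g. `# BackupManagerService needs to manipulate backup data files (dirs are created and labeled by init)`. The removal of `allow system_server backup_data_file:dir { relabelto relabelfrom };` is also not mentioned in the commit message; if any upgrade path still relabels /data/backup it would now be denied, so either confirm that code is gone or call the removal out in the description.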
-- 
GitLab