From edd13bc3b24275ae7a5c8d8c5e3740f712552ec9 Mon Sep 17 00:00:00 2001
From: Anton Hansson <hansson@google.com>
Date: Tue, 23 Oct 2018 16:50:51 +0100
Subject: [PATCH] Add sepolicy for preloads_copy script

Copied from device/google/crosshatch-sepolicy.

Test: diff files in system/etc/selinux before and after for aosp_marlin
Change-Id: I518c43af9c217483bdab02424e4aef0270aad366
---
 private/file_contexts    |  1 +
 private/preloads_copy.te | 14 ++++++++++++++
 2 files changed, 15 insertions(+)
 create mode 100644 private/preloads_copy.te

diff --git a/private/file_contexts b/private/file_contexts
index b361ccd2e..ee295caa6 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -270,6 +270,7 @@
 /system/bin/logwrapper  u:object_r:system_file:s0
 /system/bin/vdc         u:object_r:vdc_exec:s0
 /system/bin/cppreopts.sh   u:object_r:cppreopts_exec:s0
+/system/bin/preloads_copy.sh u:object_r:preloads_copy_exec:s0
 /system/bin/preopt2cachename u:object_r:preopt2cachename_exec:s0
 /system/bin/install-recovery.sh u:object_r:install_recovery_exec:s0
 /system/bin/dex2oat(d)?     u:object_r:dex2oat_exec:s0
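Review bot: The new entry `/system/bin/preloads_copy.sh` leaves the `.` unescaped. file_contexts paths are regular expressions, so it matches any character in that position and the exec label would apply to more than the one script name. Writing it as `/system/bin/preloads_copy\.sh u:object_r:preloads_copy_exec:s0` pins the label to the intended file. The neighbouring `.sh` entries appear in the same unescaped form here, so the backslashes may simply have been lost in rendering; confirm against the tree.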
diff --git a/private/preloads_copy.te b/private/preloads_copy.te
new file mode 100644
index 000000000..7177839fd
--- /dev/null
+++ b/private/preloads_copy.te
@@ -0,0 +1,14 @@
+type preloads_copy, domain, coredomain;
+type preloads_copy_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(preloads_copy)
+
+allow preloads_copy shell_exec:file rx_file_perms;
+allow preloads_copy toolbox_exec:file rx_file_perms;
+allow preloads_copy preloads_data_file:dir create_dir_perms;
+allow preloads_copy preloads_data_file:file create_file_perms;
+allow preloads_copy preloads_media_file:dir create_dir_perms;
+allow preloads_copy preloads_media_file:file create_file_perms;
+
+# Allow to copy from /postinstall
+allow preloads_copy system_file:dir r_dir_perms;
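Review bot: The comment above the last rule says it exists to copy from /postinstall, but `allow preloads_copy system_file:dir r_dir_perms;` grants directory listing on every directory labelled system_file, and nothing in this file names a postinstall type. If the wider grant is intended, the comment should say so, for example `# Allow listing directories labelled system_file (not only /postinstall)`. Otherwise the rule should target the type that actually covers the source tree. The file also has no header describing what preloads_copy.sh does or when init starts it. A short comment above the `type` lines would let a reader judge whether create_dir_perms and create_file_perms on both preloads_data_file and preloads_media_file are the minimum the script needs, since which of the two is only read is not visible from the policy.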
-- 
GitLab