Add Network Watchlist data file selinux policy(Used in ConfigUpdater)

Bug: 63908748 Test: Able to boot Change-Id: I14d8856d7aac7be9d1f26ecf5bfff69ea5ee9607

Add Network Watchlist data file selinux policy(Used in ConfigUpdater)
Bug: 63908748 Test: Able to boot Change-Id: I14d8856d7aac7be9d1f26ecf5bfff69ea5ee9607
ff3b957e · Ricky Wai · rickywai · 2f39276e · ff3b957e · ff3b957e
Commit ff3b957e authored 7 years ago by Ricky Wai Committed by rickywai 7 years ago
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -25,6 +25,7 @@
    lowpan_service
    mediaprovider_tmpfs
    netd_stable_secret_prop
+    network_watchlist_data_file
    network_watchlist_service
    package_native_service
    perfprofd_service

--- a/private/file_contexts
+++ b/private/file_contexts
@@ -384,6 +384,7 @@
 /data/misc/logd(/.*)?           u:object_r:misc_logd_file:s0
 /data/misc/media(/.*)?          u:object_r:media_data_file:s0
 /data/misc/net(/.*)?            u:object_r:net_data_file:s0
+/data/misc/network_watchlist(/.*)? u:object_r:network_watchlist_data_file:s0
 /data/misc/recovery(/.*)?       u:object_r:recovery_data_file:s0
 /data/misc/shared_relro(/.*)?   u:object_r:shared_relro_file:s0
 /data/misc/sms(/.*)?            u:object_r:radio_data_file:s0

--- a/private/system_server.te
+++ b/private/system_server.te
@@ -381,6 +381,10 @@ allow system_server heapdump_data_file:file create_file_perms;
 allow system_server adb_keys_file:dir create_dir_perms;
 allow system_server adb_keys_file:file create_file_perms;
+# Manage /data/misc/network_watchlist
+allow system_server network_watchlist_data_file:dir create_dir_perms;
+allow system_server network_watchlist_data_file:file create_file_perms;
 # Manage /data/misc/sms.
 # TODO:  Split into a separate type?
 allow system_server radio_data_file:dir create_dir_perms;

--- a/public/file.te
+++ b/public/file.te
@@ -234,6 +234,7 @@ type media_data_file, file_type, data_file_type, core_data_file_type;
 type media_rw_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
 type misc_user_data_file, file_type, data_file_type, core_data_file_type;
 type net_data_file, file_type, data_file_type, core_data_file_type;
+type network_watchlist_data_file, file_type, data_file_type, core_data_file_type;
 type nfc_data_file, file_type, data_file_type, core_data_file_type;
 type radio_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
 type recovery_data_file, file_type, data_file_type, core_data_file_type;

--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -40,6 +40,7 @@ allow vendor_init {
  -incident_data_file
  -keystore_data_file
  -misc_logd_file
+  -network_watchlist_data_file
  -nfc_data_file
  -property_data_file
  -radio_data_file
@@ -62,6 +63,7 @@ allow vendor_init {
  -incident_data_file
  -keystore_data_file
  -misc_logd_file
+  -network_watchlist_data_file
  -nfc_data_file
  -property_data_file
  -radio_data_file
@@ -85,6 +87,7 @@ allow vendor_init {
  -incident_data_file
  -keystore_data_file
  -misc_logd_file
+  -network_watchlist_data_file
  -nfc_data_file
  -property_data_file
  -radio_data_file
@@ -107,6 +110,7 @@ allow vendor_init {
  -incident_data_file
  -keystore_data_file
  -misc_logd_file
+  -network_watchlist_data_file
  -nfc_data_file
  -property_data_file
  -radio_data_file
@@ -129,6 +133,7 @@ allow vendor_init {
  -incident_data_file
  -keystore_data_file
  -misc_logd_file
+  -network_watchlist_data_file
  -nfc_data_file
  -property_data_file
  -radio_data_file