Merge "Add policy for CompOS APEX data files."

private/file.te

@@ -48,6 +48,9 @@ type apex_art_data_file, file_type, data_file_type, core_data_file_type, apex_da
 # /data/misc/apexdata/com.android.art/staging
 type apex_art_staging_data_file, file_type, data_file_type, core_data_file_type;
 
+# /data/misc/apexdata/com.android.compos
+type apex_compos_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type;
+
 # /data/font/files
 type font_data_file, file_type, data_file_type, core_data_file_type;
 

private/file_contexts

@@ -568,6 +568,7 @@
 /data/misc/a11ytrace(/.*)?      u:object_r:accessibility_trace_data_file:s0
 /data/misc/apexdata(/.*)?       u:object_r:apex_module_data_file:s0
 /data/misc/apexdata/com\.android\.art(/.*)?           u:object_r:apex_art_data_file:s0
+/data/misc/apexdata/com\.android\.compos(/.*)?        u:object_r:apex_compos_data_file:s0
 /data/misc/apexdata/com\.android\.permission(/.*)?    u:object_r:apex_system_server_data_file:s0
 /data/misc/apexdata/com\.android\.scheduling(/.*)?    u:object_r:apex_system_server_data_file:s0
 /data/misc/apexdata/com\.android\.wifi(/.*)?          u:object_r:apex_system_server_data_file:s0

private/odsign.te

@@ -44,6 +44,10 @@ allow odsign apex_module_data_file:dir { getattr search };
 allow odsign apex_art_data_file:dir { rw_dir_perms rmdir rename };
 allow odsign apex_art_data_file:file { rw_file_perms unlink };
 
+# For CompOS pending key files
+allow odsign apex_compos_data_file:dir { getattr search write remove_name };
+allow odsign apex_compos_data_file:file { r_file_perms unlink };
+
 # Run odrefresh to refresh ART artifacts
 domain_auto_trans(odsign, odrefresh_exec, odrefresh)