Merge "Support legacy apexdata labels" am: 605715d665
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1977066 Change-Id: Id2d5508fb56eae96da5d04fdcb907a410aeb102a
commit
1d087ac705
3 changed files with 29 additions and 0 deletions
|
@ -54,6 +54,13 @@ type apex_art_staging_data_file, file_type, data_file_type, core_data_file_type;
|
|||
# /data/misc/apexdata/com.android.compos
|
||||
type apex_compos_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type;
|
||||
|
||||
# legacy labels for various /data/misc[_ce|_de]/*/apexdata directories - retained
|
||||
# for backward compatibility b/217581286
|
||||
type apex_appsearch_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type;
|
||||
type apex_permission_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type;
|
||||
type apex_scheduling_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type;
|
||||
type apex_wifi_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type;
|
||||
|
||||
# /data/font/files
|
||||
type font_data_file, file_type, data_file_type, core_data_file_type;
|
||||
|
||||
|
|
|
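Review bot: The comment above the four legacy `type` declarations says they are retained for backward compatibility, but it does not name the label that replaces them or say that new rules should not use them. Going by the migration comment in the vold_prepare_subdirs section of this commit, the replacement appears to be `apex_system_server_data_file`, so a line such as `# Superseded by apex_system_server_data_file; do not label new data with these types.` would make that explicit. Because each type carries `apex_data_file_type`, any rule written elsewhere against that attribute also covers these labels, which is worth stating in the same comment. The hunk does not show which of these lines are new and which are context, so this assumes the legacy block is the addition.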
@ -1331,6 +1331,19 @@ allow system_server apex_module_data_file:dir { getattr search };
|
|||
# These are modules where the code runs in system_server, so we need full access.
|
||||
allow system_server apex_system_server_data_file:dir create_dir_perms;
|
||||
allow system_server apex_system_server_data_file:file create_file_perms;
|
||||
# Legacy labels that we still need to support (b/217581286)
|
||||
allow system_server {
|
||||
apex_appsearch_data_file
|
||||
apex_permission_data_file
|
||||
apex_scheduling_data_file
|
||||
apex_wifi_data_file
|
||||
}:dir create_dir_perms;
|
||||
allow system_server {
|
||||
apex_appsearch_data_file
|
||||
apex_permission_data_file
|
||||
apex_scheduling_data_file
|
||||
apex_wifi_data_file
|
||||
}:file create_file_perms;
|
||||
|
||||
# Allow PasswordSlotManager rw access to /metadata/password_slots, so GSIs and the host image can
|
||||
# communicate which slots are available for use.
|
||||
|
|
|
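Review bot: The two legacy-label rules give system_server full `create_dir_perms` and `create_file_perms`, so it can keep creating new objects under the old labels, and the comment states no condition under which the grant can be dropped. If the intent is only to reach data that existed before the migration, the comment should say so and carry a removal note, for example `# TODO(b/217581286): remove once no supported upgrade path can leave data with these labels.` Whether a narrower permission set would be enough cannot be judged from this hunk alone. The same four-type list is written out twice here and again in the vold_prepare_subdirs section, so the copies can drift; grouping them under one attribute declared next to the types would keep the three rules in step.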
@ -48,6 +48,15 @@ allow vold_prepare_subdirs apex_mnt_dir:dir { open read };
|
|||
allow vold_prepare_subdirs mnt_expand_file:dir search;
|
||||
allow vold_prepare_subdirs user_profile_data_file:dir { search getattr relabelfrom };
|
||||
allow vold_prepare_subdirs user_profile_root_file:dir { search getattr relabelfrom relabelto };
|
||||
|
||||
# Migrate legacy labels to apex_system_server_data_file (b/217581286)
|
||||
allow vold_prepare_subdirs {
|
||||
apex_appsearch_data_file
|
||||
apex_permission_data_file
|
||||
apex_scheduling_data_file
|
||||
apex_wifi_data_file
|
||||
}:dir relabelfrom;
|
||||
|
||||
# /data/misc is unlabeled during early boot.
|
||||
allow vold_prepare_subdirs unlabeled:dir search;
|
||||
|
||||
|
|
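Review bot: The migration rule grants `relabelfrom` on the legacy types for class `dir` only, while the system_server section of this commit keeps `create_file_perms` on the same types for class `file`. That suggests files under these directories are expected to keep their legacy labels, but the comment does not say so. A line such as `# Only directories are relabeled; existing files keep their legacy label and stay reachable through the system_server rules.` would record the intent, if that is indeed the design. The matching `relabelto` on `apex_system_server_data_file` is not visible in this hunk and is presumably granted elsewhere in the file; without it the relabel would be denied, so it is worth confirming.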