Merge "[Thread] move ot-daemon socket to /dev/socket/ot-daemon" into main am: 75f527a74e

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2911823

Change-Id: Ia843ec6afa308c5d7333d361280e8825aa953ed4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

contexts/plat_file_contexts_test

@@ -200,6 +200,9 @@
 /dev/socket/mdns                                                  mdns_socket
 /dev/socket/mdnsd                                                 mdnsd_socket
 /dev/socket/mtpd                                                  mtpd_socket
+/dev/socket/ot-daemon/                                            ot_daemon_socket
+/dev/socket/ot-daemon/thread-wpan                                 ot_daemon_socket
+/dev/socket/ot-daemon/100                                         ot_daemon_socket
 /dev/socket/pdx/system/buffer_hub                                 pdx_bufferhub_dir
 /dev/socket/pdx/system/buffer_hub/client                          pdx_bufferhub_client_endpoint_socket
 /dev/socket/pdx/system/performance                                pdx_performance_dir

private/compat/34.0/34.0.ignore.cil

@@ -21,6 +21,7 @@
     hidraw_device
     virtual_camera_service
     ot_daemon_service
+    ot_daemon_socket
     pm_archiving_enabled_prop
     remote_auth_service
     security_state_service

private/file_contexts

@@ -167,6 +167,7 @@
 /dev/socket/mdns	u:object_r:mdns_socket:s0
 /dev/socket/mdnsd	u:object_r:mdnsd_socket:s0
 /dev/socket/mtpd	u:object_r:mtpd_socket:s0
+/dev/socket/ot-daemon(/.*)?  u:object_r:ot_daemon_socket:s0
 /dev/socket/pdx/system/buffer_hub	u:object_r:pdx_bufferhub_dir:s0
 /dev/socket/pdx/system/buffer_hub/client	u:object_r:pdx_bufferhub_client_endpoint_socket:s0
 /dev/socket/pdx/system/performance	u:object_r:pdx_performance_dir:s0

private/ot_daemon.te

@@ -19,7 +19,6 @@ allow ot_daemon apex_module_data_file:dir search;
 # /data/misc/apexdata/com\.android\.tethering
 allow ot_daemon apex_tethering_data_file:dir {create rw_dir_perms};
 allow ot_daemon apex_tethering_data_file:file create_file_perms;
-allow ot_daemon apex_tethering_data_file:sock_file {create unlink};
 
 # Allow OT daemon to read/write the Thread tunnel interface
 allow ot_daemon tun_device:chr_file {read write};

public/file.te

@@ -539,6 +539,7 @@ type mdns_socket, file_type, coredomain_socket;
 type mdnsd_socket, file_type, coredomain_socket, mlstrustedobject;
 type misc_logd_file, coredomain_socket, file_type, data_file_type, core_data_file_type;
 type mtpd_socket, file_type, coredomain_socket;
+type ot_daemon_socket, file_type, coredomain_socket;
 type property_socket, file_type, coredomain_socket, mlstrustedobject;
 type racoon_socket, file_type, coredomain_socket;
 type recovery_socket, file_type, coredomain_socket;