Merge "Support legacy apexdata labels"
This commit is contained in:
Treehugger Robot
Gerrit Code Review
commit
605715d665
3 changed files with 29 additions and 0 deletions
|
|
@ -54,6 +54,13 @@ type apex_art_staging_data_file, file_type, data_file_type, core_data_file_type;
|
||||||
# /data/misc/apexdata/com.android.compos
|
# /data/misc/apexdata/com.android.compos
|
||||||
type apex_compos_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type;
|
type apex_compos_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type;
|
||||||
|
|
||||||
|
# legacy labels for various /data/misc[_ce|_de]/*/apexdata directories - retained
|
||||||
|
# for backward compatibility b/217581286
|
||||||
|
type apex_appsearch_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type;
|
||||||
|
type apex_permission_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type;
|
||||||
|
type apex_scheduling_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type;
|
||||||
|
type apex_wifi_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type;
|
||||||
|
|
||||||
# /data/font/files
|
# /data/font/files
|
||||||
type font_data_file, file_type, data_file_type, core_data_file_type;
|
type font_data_file, file_type, data_file_type, core_data_file_type;
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1331,6 +1331,19 @@ allow system_server apex_module_data_file:dir { getattr search };
|
||||||
# These are modules where the code runs in system_server, so we need full access.
|
# These are modules where the code runs in system_server, so we need full access.
|
||||||
allow system_server apex_system_server_data_file:dir create_dir_perms;
|
allow system_server apex_system_server_data_file:dir create_dir_perms;
|
||||||
allow system_server apex_system_server_data_file:file create_file_perms;
|
allow system_server apex_system_server_data_file:file create_file_perms;
|
||||||
|
# Legacy labels that we still need to support (b/217581286)
|
||||||
|
allow system_server {
|
||||||
|
apex_appsearch_data_file
|
||||||
|
apex_permission_data_file
|
||||||
|
apex_scheduling_data_file
|
||||||
|
apex_wifi_data_file
|
||||||
|
}:dir create_dir_perms;
|
||||||
|
allow system_server {
|
||||||
|
apex_appsearch_data_file
|
||||||
|
apex_permission_data_file
|
||||||
|
apex_scheduling_data_file
|
||||||
|
apex_wifi_data_file
|
||||||
|
}:file create_file_perms;
|
||||||
|
|
||||||
# Allow PasswordSlotManager rw access to /metadata/password_slots, so GSIs and the host image can
|
# Allow PasswordSlotManager rw access to /metadata/password_slots, so GSIs and the host image can
|
||||||
# communicate which slots are available for use.
|
# communicate which slots are available for use.
|
||||||
|
|
|
||||||
|
|
@ -48,6 +48,15 @@ allow vold_prepare_subdirs apex_mnt_dir:dir { open read };
|
||||||
allow vold_prepare_subdirs mnt_expand_file:dir search;
|
allow vold_prepare_subdirs mnt_expand_file:dir search;
|
||||||
allow vold_prepare_subdirs user_profile_data_file:dir { search getattr relabelfrom };
|
allow vold_prepare_subdirs user_profile_data_file:dir { search getattr relabelfrom };
|
||||||
allow vold_prepare_subdirs user_profile_root_file:dir { search getattr relabelfrom relabelto };
|
allow vold_prepare_subdirs user_profile_root_file:dir { search getattr relabelfrom relabelto };
|
||||||
|
|
||||||
|
# Migrate legacy labels to apex_system_server_data_file (b/217581286)
|
||||||
|
allow vold_prepare_subdirs {
|
||||||
|
apex_appsearch_data_file
|
||||||
|
apex_permission_data_file
|
||||||
|
apex_scheduling_data_file
|
||||||
|
apex_wifi_data_file
|
||||||
|
}:dir relabelfrom;
|
||||||
|
|
||||||
# /data/misc is unlabeled during early boot.
|
# /data/misc is unlabeled during early boot.
|
||||||
allow vold_prepare_subdirs unlabeled:dir search;
|
allow vold_prepare_subdirs unlabeled:dir search;
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue