From 4b6e673a2a7591c6cd510035de3d6e540e95bd88 Mon Sep 17 00:00:00 2001
From: Jin Qian
Date: Mon, 14 Aug 2017 17:01:25 -0700
Subject: [PATCH] storaged: allow storaged to access /data/misc/storaged directory

storaged will use this directory to store internal data files.

Bug: 63740245
Change-Id: Ie77961c2b398cc464b7199d3acbcc6287312d3b4
---
 private/compat/26.0/26.0.ignore.cil | 1 +
 private/file.te | 3 +++
 private/file_contexts | 1 +
 private/storaged.te | 4 ++++
 4 files changed, 9 insertions(+)

diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 6b37df7fa..550c861dd 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -14,6 +14,7 @@
 mediaprovider_tmpfs
 netd_stable_secret_prop
 package_native_service
+ storaged_data_file
 sysfs_fs_ext4_features
 system_net_netd_hwservice
 thermal_service
diff --git a/private/file.te b/private/file.te
index da5f9adde..7bd83f2c5 100644
--- a/private/file.te
+++ b/private/file.te
@@ -5,3 +5,6 @@ typealias app_data_file alias download_file;
 # /proc/config.gz
 type config_gz, fs_type;
+
+# /data/misc/storaged
+type storaged_data_file, file_type, data_file_type, core_data_file_type;
diff --git a/private/file_contexts b/private/file_contexts
index 17378eeff..325053776 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -376,6 +376,7 @@
 /data/misc/recovery(/.*)? u:object_r:recovery_data_file:s0
 /data/misc/shared_relro(/.*)? u:object_r:shared_relro_file:s0
 /data/misc/sms(/.*)? u:object_r:radio_data_file:s0
+/data/misc/storaged(/.*)? u:object_r:storaged_data_file:s0
 /data/misc/systemkeys(/.*)? u:object_r:systemkeys_data_file:s0
 /data/misc/textclassifier(/.*)? u:object_r:textclassifier_data_file:s0
 /data/misc/user(/.*)? u:object_r:misc_user_data_file:s0
diff --git a/private/storaged.te b/private/storaged.te
index 20377e046..8da1f26d8 100644
--- a/private/storaged.te
+++ b/private/storaged.te
@@ -15,6 +15,10 @@ allow storaged proc_uid_io_stats:file r_file_perms;
 # Read /data/system/packages.list
 allow storaged system_data_file:file r_file_perms;
+# Store storaged proto file
+allow storaged storaged_data_file:dir rw_dir_perms;
+allow storaged storaged_data_file:file create_file_perms;
+
 userdebug_or_eng(`
 # Read access to debugfs
 allow storaged debugfs_mmc:dir search;
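Review bot: The two added allow rules make storaged the writer of `storaged_data_file`, but nothing in this commit pins that ownership, so a later rule or an attribute-wide grant on `data_file_type` could let another domain modify the files storaged reads back. A neverallow next to the new rules would make the intent enforceable at build time, for example `neverallow { domain -storaged -init } storaged_data_file:file no_w_file_perms;`. The exception set is a guess and has to be checked against domains that already hold broad rules on data file types. The comment would also be clearer if it named the path, e.g. `# Create and update files under /data/misc/storaged`. The `userdebug_or_eng` block that follows the added lines continues outside the hunk.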