Merge "Allow the appsearch apex access to the apexdata misc_ce dir."

private/apexd.te

@@ -18,6 +18,8 @@ allow apexd apex_ota_reserved_file:dir create_dir_perms;
 allow apexd apex_ota_reserved_file:file create_file_perms;
 
 # Allow apexd to create files and directories for snapshots of apex data
+allow apexd apex_appsearch_data_file:dir { create_dir_perms relabelto };
+allow apexd apex_appsearch_data_file:file { create_file_perms relabelto };
 allow apexd apex_art_data_file:dir { create_dir_perms relabelto };
 allow apexd apex_art_data_file:file { create_file_perms relabelto };
 allow apexd apex_permission_data_file:dir { create_dir_perms relabelto };

private/compat/30.0/30.0.ignore.cil

@@ -8,6 +8,7 @@
     ab_update_gki_prop
     adbd_config_prop
     apc_service
+    apex_appsearch_data_file
     apex_art_data_file
     apex_art_staging_data_file
     apex_info_file

private/file_contexts

@@ -565,12 +565,12 @@
 
 # Misc data
 /data/misc/adb(/.*)?            u:object_r:adb_keys_file:s0
-/data/misc/a11ytrace(/.*)?        u:object_r:accessibility_trace_data_file:s0
+/data/misc/a11ytrace(/.*)?      u:object_r:accessibility_trace_data_file:s0
 /data/misc/apexdata(/.*)?       u:object_r:apex_module_data_file:s0
-/data/misc/apexdata/com\.android\.art(/.*)?    u:object_r:apex_art_data_file:s0
+/data/misc/apexdata/com\.android\.art(/.*)?           u:object_r:apex_art_data_file:s0
 /data/misc/apexdata/com\.android\.permission(/.*)?    u:object_r:apex_permission_data_file:s0
 /data/misc/apexdata/com\.android\.scheduling(/.*)?    u:object_r:apex_scheduling_data_file:s0
-/data/misc/apexdata/com\.android\.wifi(/.*)?    u:object_r:apex_wifi_data_file:s0
+/data/misc/apexdata/com\.android\.wifi(/.*)?          u:object_r:apex_wifi_data_file:s0
 /data/misc/apexrollback(/.*)?   u:object_r:apex_rollback_data_file:s0
 /data/misc/apns(/.*)?           u:object_r:radio_data_file:s0
 /data/misc/appcompat(/.*)?      u:object_r:appcompat_data_file:s0
@@ -672,6 +672,7 @@
 # Apex data directories
 /data/misc_de/[0-9]+/apexdata(/.*)?       u:object_r:apex_module_data_file:s0
 /data/misc_ce/[0-9]+/apexdata(/.*)?       u:object_r:apex_module_data_file:s0
+/data/misc_ce/[0-9]+/apexdata/com\.android\.appsearch(/.*)?   u:object_r:apex_appsearch_data_file:s0
 /data/misc_de/[0-9]+/apexdata/com\.android\.permission(/.*)?  u:object_r:apex_permission_data_file:s0
 /data/misc_ce/[0-9]+/apexdata/com\.android\.permission(/.*)?  u:object_r:apex_permission_data_file:s0
 /data/misc_de/[0-9]+/apexdata/com\.android\.wifi(/.*)?  u:object_r:apex_wifi_data_file:s0

private/system_server.te

@@ -1259,6 +1259,8 @@ allow system_server vendor_apex_file:file r_file_perms;
 
 # Allow the system server to manage relevant apex module data files.
 allow system_server apex_module_data_file:dir { getattr search };
+allow system_server apex_appsearch_data_file:dir create_dir_perms;
+allow system_server apex_appsearch_data_file:file create_file_perms;
 allow system_server apex_permission_data_file:dir create_dir_perms;
 allow system_server apex_permission_data_file:file create_file_perms;
 allow system_server apex_scheduling_data_file:dir create_dir_perms;

private/vold_prepare_subdirs.te

@@ -16,6 +16,7 @@ allow vold_prepare_subdirs {
   vendor_data_file
 }:dir { open read write add_name remove_name rmdir relabelfrom };
 allow vold_prepare_subdirs {
+    apex_appsearch_data_file
     apex_art_data_file
     apex_module_data_file
     apex_permission_data_file
@@ -32,6 +33,7 @@ allow vold_prepare_subdirs {
     vold_data_file
 }:dir { create_dir_perms relabelto };
 allow vold_prepare_subdirs {
+    apex_appsearch_data_file
     apex_art_data_file
     apex_art_staging_data_file
     apex_module_data_file

public/file.te

@@ -385,6 +385,7 @@ type mirror_data_file, file_type, core_data_file_type;
 
 # /data/misc subdirectories
 type adb_keys_file, file_type, data_file_type, core_data_file_type;
+type apex_appsearch_data_file, file_type, data_file_type, core_data_file_type;
 type apex_module_data_file, file_type, data_file_type, core_data_file_type;
 type apex_ota_reserved_file, file_type, data_file_type, core_data_file_type;
 type apex_permission_data_file, file_type, data_file_type, core_data_file_type;