Merge "Add selinux labels for /metadata/ota."

private/compat/29.0/29.0.ignore.cil

@@ -8,6 +8,7 @@
     cold_boot_done_prop
     ctl_apexd_prop
     device_config_sys_traced_prop
+    ota_metadata_file
     runtime_apex_dir
     system_ashmem_hwservice
     vendor_apex_file

private/file_contexts

@@ -632,6 +632,7 @@
 /metadata/vold(/.*)?      u:object_r:vold_metadata_file:s0
 /metadata/gsi(/.*)?       u:object_r:gsi_metadata_file:s0
 /metadata/password_slots(/.*)?    u:object_r:password_slot_metadata_file:s0
+/metadata/ota(/.*)?       u:object_r:ota_metadata_file:s0
 
 #############################
 # asec containers

public/file.te

@@ -212,6 +212,8 @@ type gsi_metadata_file, file_type;
 type password_slot_metadata_file, file_type;
 # APEX files within /metadata
 type apex_metadata_file, file_type;
+# libsnapshot files within /metadata
+type ota_metadata_file, file_type;
 
 # Type for /dev/cpu_variant:.*.
 type dev_cpu_variant, file_type;

public/vendor_init.te

@@ -51,6 +51,7 @@ allow vendor_init {
   -system_file_type
   -mnt_product_file
   -password_slot_metadata_file
+  -ota_metadata_file
   -unlabeled
   -vendor_file_type
   -vold_metadata_file
@@ -65,6 +66,7 @@ allow vendor_init {
   -core_data_file_type
   -exec_type
   -password_slot_metadata_file
+  -ota_metadata_file
   -runtime_event_log_tags_file
   -system_file_type
   -unlabeled
@@ -79,6 +81,7 @@ allow vendor_init {
   -core_data_file_type
   -exec_type
   -password_slot_metadata_file
+  -ota_metadata_file
   -system_file_type
   -unlabeled
   -vendor_file_type
@@ -93,6 +96,7 @@ allow vendor_init {
   -core_data_file_type
   -exec_type
   -password_slot_metadata_file
+  -ota_metadata_file
   -system_file_type
   -unlabeled
   -vendor_file_type
@@ -107,6 +111,7 @@ allow vendor_init {
   -exec_type
   -mnt_product_file
   -password_slot_metadata_file
+  -ota_metadata_file
   -system_file_type
   -vendor_file_type
   -vold_metadata_file