From d62193e9dfe8eef207eaf252129564e23d0c692b Mon Sep 17 00:00:00 2001
From: Artur Satayev
Date: Tue, 23 Feb 2021 18:56:52 +0000
Subject: [PATCH] Introduce derive_classpath.
The service generates /data/system/environ/classpath with values for BOOTCLASSPATH, SYSTEMSERVERCLASSPATH, and DEX2OATCLASSPATH to be exported by init. See go/updatable-classpath for more details.
Bug: 180105615
Test: manual
Change-Id: I4150de69f7d39f685a202eb4f86c27b661f808dc
---
 apex/com.android.sdkext-file_contexts | 5 +++--
 private/derive_classpath.te | 9 +++++++++
 private/file.te | 3 +++
 private/file_contexts | 1 +
 4 files changed, 16 insertions(+), 2 deletions(-)
 create mode 100644 private/derive_classpath.te
diff --git a/apex/com.android.sdkext-file_contexts b/apex/com.android.sdkext-file_contexts
index 2d59ddabc..551a12cd0 100644
--- a/apex/com.android.sdkext-file_contexts
+++ b/apex/com.android.sdkext-file_contexts
@@ -1,2 +1,3 @@
-(/.*)? u:object_r:system_file:s0
-/bin/derive_sdk u:object_r:derive_sdk_exec:s0
+(/.*)? u:object_r:system_file:s0
+/bin/derive_classpath u:object_r:derive_classpath_exec:s0
+/bin/derive_sdk u:object_r:derive_sdk_exec:s0
diff --git a/private/derive_classpath.te b/private/derive_classpath.te
new file mode 100644
index 000000000..15f19736c
--- /dev/null
+++ b/private/derive_classpath.te
@@ -0,0 +1,9 @@
+
+# Domain for derive_classpath
+type derive_classpath, domain, coredomain;
+type derive_classpath_exec, system_file_type, exec_type, file_type;
+init_daemon_domain(derive_classpath)
+
+# Create /data/system/environ/classpath file
+allow derive_classpath environ_system_data_file:dir rw_dir_perms;
+allow derive_classpath environ_system_data_file:file create_file_perms;
diff --git a/private/file.te b/private/file.te
index 4b0f48af3..bd2849e1b 100644
--- a/private/file.te
+++ b/private/file.te
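Review bot: Nothing in the new private/derive_classpath.te pins who may write environ_system_data_file, although the commit message says init exports BOOTCLASSPATH, SYSTEMSERVERCLASSPATH and DEX2OATCLASSPATH from the file stored under that label. The two allow rules give the new domain write access, but a later allow, or an attribute-wide grant on data_file_type or core_data_file_type if one exists elsewhere in the policy, could add a second writer without being noticed. I would add a neverallow after the allow rules, for example `neverallow { domain -init -derive_classpath } environ_system_data_file:file no_w_file_perms;` with a matching `:dir no_w_dir_perms` line, adjusting the exemption list to whatever the policy build reports. A comment such as `# Contents are exported by init as the classpath environment; keep the writer set minimal.` would record the reason.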
@@ -50,3 +50,6 @@ type font_data_file, file_type, data_file_type, core_data_file_type; # /data/misc/odsign type odsign_data_file, file_type, data_file_type, core_data_file_type; + +# /data/system/environ +type environ_system_data_file, file_type, data_file_type, core_data_file_type; diff --git a/private/file_contexts b/private/file_contexts index a4a04497e..a6f4cd845 100644 --- a/private/file_contexts +++ b/private/file_contexts @@ -504,6 +504,7 @@ # /data u:object_r:system_data_root_file:s0 /data/(.*)? u:object_r:system_data_file:s0 +/data/system/environ(/.*)? u:object_r:environ_system_data_file:s0 /data/system/packages\.list u:object_r:packages_list_file:s0 /data/unencrypted(/.*)? u:object_r:unencrypted_data_file:s0 /data/backup(/.*)? u:object_r:backup_data_file:s0
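Review bot: The new `/data/system/environ(/.*)?` entry in private/file_contexts only helps once the directory exists and carries the new label, and nothing visible in this patch creates it. derive_classpath is granted `rw_dir_perms` on environ_system_data_file, which does not cover creating a directory, so the directory presumably has to be created and labelled by init before the service starts; a directory created without relabelling would keep the label of its parent under /data/system and the service's writes would be denied. It is worth confirming the companion rc change and recording the dependency next to the type declaration in private/file.te, for example `# /data/system/environ (created by init, written by derive_classpath)`.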