From eb1cf76b70f74ae5d2ab60a5e50f37f2fd740d4b Mon Sep 17 00:00:00 2001
From: Daniel Rosenberg
Date: Fri, 12 Jul 2019 16:33:43 -0700
Subject: [PATCH] sepolicy: Adjust policy for migrate_legacy_obb_data.sh
Required to check if migration is necessary and migrate obb contents
Bug: 136199978
Test: make
Change-Id: I23890e4eeea1da7791e25ce5c9584b1abe94f440
(cherry picked from commit 793dc8f8da2bbcb954670bfbd53a0038328e8473)
---
 prebuilts/api/29.0/private/migrate_legacy_obb_data.te | 8 ++++++++
 private/migrate_legacy_obb_data.te | 8 ++++++++
 2 files changed, 16 insertions(+)
diff --git a/prebuilts/api/29.0/private/migrate_legacy_obb_data.te b/prebuilts/api/29.0/private/migrate_legacy_obb_data.te
index 4bc1e2c60..b2a1fb10a 100644
--- a/prebuilts/api/29.0/private/migrate_legacy_obb_data.te
+++ b/prebuilts/api/29.0/private/migrate_legacy_obb_data.te
@@ -10,6 +10,14 @@ allow migrate_legacy_obb_data toolbox_exec:file rx_file_perms;
 allow migrate_legacy_obb_data self:capability { chown dac_override dac_read_search fowner fsetid };
+allow migrate_legacy_obb_data mnt_user_file:dir search;
+allow migrate_legacy_obb_data mnt_user_file:lnk_file read;
+allow migrate_legacy_obb_data storage_file:dir search;
+allow migrate_legacy_obb_data storage_file:lnk_file read;
+
+allow migrate_legacy_obb_data sdcard_type:dir create_dir_perms;
+allow migrate_legacy_obb_data sdcard_type:file create_file_perms;
+
 # TODO: This should not be necessary. We don't deliberately hand over
 # any open file descriptors to this domain, so anything that triggers this
 # should be a candidate for O_CLOEXEC.
diff --git a/private/migrate_legacy_obb_data.te b/private/migrate_legacy_obb_data.te
index 4bc1e2c60..b2a1fb10a 100644
--- a/private/migrate_legacy_obb_data.te
+++ b/private/migrate_legacy_obb_data.te
@@ -10,6 +10,14 @@ allow migrate_legacy_obb_data toolbox_exec:file rx_file_perms;
 allow migrate_legacy_obb_data self:capability { chown dac_override dac_read_search fowner fsetid };
+allow migrate_legacy_obb_data mnt_user_file:dir search;
+allow migrate_legacy_obb_data mnt_user_file:lnk_file read;
+allow migrate_legacy_obb_data storage_file:dir search;
+allow migrate_legacy_obb_data storage_file:lnk_file read;
+
+allow migrate_legacy_obb_data sdcard_type:dir create_dir_perms;
+allow migrate_legacy_obb_data sdcard_type:file create_file_perms;
+
 # TODO: This should not be necessary. We don't deliberately hand over
 # any open file descriptors to this domain, so anything that triggers this
 # should be a candidate for O_CLOEXEC.
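Review bot: The two `sdcard_type` rules at the end of the added block grant `create_dir_perms` and `create_file_perms` on an attribute rather than a single type, so they apply to every filesystem type that carries `sdcard_type`. The context line just above shows this domain already holds `dac_override`, `chown`, `fowner` and `fsetid`, which makes the write surface wider than the commit message's "migrate obb contents" suggests. If the script only touches one backing type, name that type in the two rules instead of the attribute; the script is not visible in this patch, so this needs checking against what it actually moves. The added rules also carry no comment, and something like `# Check whether obb migration is needed and move obb contents (b/136199978).` above the block would tell the next policy audit why each grant exists. The same rules are added in prebuilts/api/29.0/private/migrate_legacy_obb_data.te and would need the same change.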