Introduce apex_info_file type

/apex/apex-info-file.xml is labeled as apex_info_file. It is created/written by apexd once by apexd, and can be read by zygote and system_server. The content of the file is essentially the same as the return value of getAllPackages() call to apexd. Bug: 154823184 Test: m Change-Id: Ic6af79ddebf465b389d9dcb5fd569d3a786423b2
2020-05-11 20:49:07 +09:00 · 2020-05-11 20:49:07 +09:00 · f1de4c02cc
commit f1de4c02cc
parent f0a4dc9e80
8 changed files with 20 additions and 0 deletions
--- a/private/apexd.te
+++ b/private/apexd.te
@ -64,6 +64,9 @@ allow apexd apex_mnt_dir:filesystem { mount unmount };
 allow apexd apex_mnt_dir:dir mounton;
 # allow apexd to create symlinks in /apex
 allow apexd apex_mnt_dir:lnk_file create_file_perms;
+# allow apexd to create /apex/apex-info-list.xml and relabel to apex_info_file
+allow apexd apex_mnt_dir:file { create_file_perms relabelfrom };
+allow apexd apex_info_file:file relabelto;
 # allow apexd to unlink apex files in /data/apex/active
 # note that apexd won't be able to unlink files in /data/app-staging/session_XXXX,
 # because it doesn't have write permission for staging_data_file object.
@ -159,3 +162,6 @@ neverallow { domain -apexd -init -vold_prepare_subdirs } apex_rollback_data_file
 # only apexd can set apexd sysprop
 set_prop(apexd, apexd_prop)
 neverallow { domain -apexd -init } apexd_prop:property_service set;
+
+# only apexd can write apex-info-list.xml
+neverallow { domain -apexd } apex_info_file:file no_w_file_perms;
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@ -5,4 +5,5 @@
 (typeattribute new_objects)
 (typeattributeset new_objects
  ( new_objects
+    apex_info_file
    gnss_device))
--- a/private/file_contexts
+++ b/private/file_contexts
@ -33,6 +33,8 @@
 /sys                u:object_r:sysfs:s0
 /apex               u:object_r:apex_mnt_dir:s0

+/apex/apex-info-list.xml u:object_r:apex_info_file:s0
+
 # Symlinks
 /bin                u:object_r:rootfs:s0
 /bugreports         u:object_r:rootfs:s0
--- a/private/system_server.te
+++ b/private/system_server.te
@ -1094,6 +1094,9 @@ allow system_server apexd:binder call;
 # Allow system server to scan /apex for flattened APEXes
 allow system_server apex_mnt_dir:dir r_dir_perms;

+# Allow system server to read /apex/apex-info-list.xml
+allow system_server apex_info_file:file r_file_perms;
+
 # Allow system server to communicate to system-suspend's control interface
 allow system_server system_suspend_control_service:service_manager find;
 binder_call(system_server, system_suspend)
--- a/private/zygote.te
+++ b/private/zygote.te
@ -200,6 +200,9 @@ unix_socket_send(zygote, system_unsolzygote, system_server)
 # Allow zygote to access media_variant_prop for static initialization
 get_prop(zygote, media_variant_prop)

+# Allow zygote to read /apex/apex-info-list.xml
+allow zygote apex_info_file:file r_file_perms;
+
 ###
 ### neverallow rules
 ###
--- a/public/file.te
+++ b/public/file.te
@ -336,6 +336,9 @@ type mnt_product_file, file_type;
 # Mount point used for APEX images
 type apex_mnt_dir, file_type;

+# /apex/apex-info-list.xml created by apexd
+type apex_info_file, file_type;
+
 # /postinstall: Mount point used by update_engine to run postinstall.
 type postinstall_mnt_dir, file_type;
 # Files inside the /postinstall mountpoint are all labeled as postinstall_file.
--- a/public/init.te
+++ b/public/init.te
@ -203,6 +203,7 @@ allow init {

 allow init {
  file_type
+  -apex_info_file
  -app_data_file
  -exec_type
  -gsi_data_file
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@ -74,6 +74,7 @@ allow vendor_init {
  -vold_metadata_file
  -gsi_metadata_file
  -apex_metadata_file
+  -apex_info_file
 }:file { create getattr open read write setattr relabelfrom unlink map };

 allow vendor_init {