Add Network Watchlist data file selinux policy(Used in ConfigUpdater)

Bug: 63908748 Test: Able to boot Change-Id: I14d8856d7aac7be9d1f26ecf5bfff69ea5ee9607
2017-12-14 09:56:32 +00:00 · 2017-12-14 09:56:32 +00:00 · ff3b957e63
commit ff3b957e63
parent 2f39276e3f
5 changed files with 12 additions and 0 deletions
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@ -25,6 +25,7 @@
    lowpan_service
    mediaprovider_tmpfs
    netd_stable_secret_prop
+    network_watchlist_data_file
    network_watchlist_service
    package_native_service
    perfprofd_service
--- a/private/file_contexts
+++ b/private/file_contexts
@ -384,6 +384,7 @@
 /data/misc/logd(/.*)?           u:object_r:misc_logd_file:s0
 /data/misc/media(/.*)?          u:object_r:media_data_file:s0
 /data/misc/net(/.*)?            u:object_r:net_data_file:s0
+/data/misc/network_watchlist(/.*)? u:object_r:network_watchlist_data_file:s0
 /data/misc/recovery(/.*)?       u:object_r:recovery_data_file:s0
 /data/misc/shared_relro(/.*)?   u:object_r:shared_relro_file:s0
 /data/misc/sms(/.*)?            u:object_r:radio_data_file:s0
--- a/private/system_server.te
+++ b/private/system_server.te
@ -381,6 +381,10 @@ allow system_server heapdump_data_file:file create_file_perms;
 allow system_server adb_keys_file:dir create_dir_perms;
 allow system_server adb_keys_file:file create_file_perms;

+# Manage /data/misc/network_watchlist
+allow system_server network_watchlist_data_file:dir create_dir_perms;
+allow system_server network_watchlist_data_file:file create_file_perms;
+
 # Manage /data/misc/sms.
 # TODO:  Split into a separate type?
 allow system_server radio_data_file:dir create_dir_perms;
--- a/public/file.te
+++ b/public/file.te
@ -234,6 +234,7 @@ type media_data_file, file_type, data_file_type, core_data_file_type;
 type media_rw_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
 type misc_user_data_file, file_type, data_file_type, core_data_file_type;
 type net_data_file, file_type, data_file_type, core_data_file_type;
+type network_watchlist_data_file, file_type, data_file_type, core_data_file_type;
 type nfc_data_file, file_type, data_file_type, core_data_file_type;
 type radio_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
 type recovery_data_file, file_type, data_file_type, core_data_file_type;
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@ -40,6 +40,7 @@ allow vendor_init {
  -incident_data_file
  -keystore_data_file
  -misc_logd_file
+  -network_watchlist_data_file
  -nfc_data_file
  -property_data_file
  -radio_data_file
@ -62,6 +63,7 @@ allow vendor_init {
  -incident_data_file
  -keystore_data_file
  -misc_logd_file
+  -network_watchlist_data_file
  -nfc_data_file
  -property_data_file
  -radio_data_file
@ -85,6 +87,7 @@ allow vendor_init {
  -incident_data_file
  -keystore_data_file
  -misc_logd_file
+  -network_watchlist_data_file
  -nfc_data_file
  -property_data_file
  -radio_data_file
@ -107,6 +110,7 @@ allow vendor_init {
  -incident_data_file
  -keystore_data_file
  -misc_logd_file
+  -network_watchlist_data_file
  -nfc_data_file
  -property_data_file
  -radio_data_file
@ -129,6 +133,7 @@ allow vendor_init {
  -incident_data_file
  -keystore_data_file
  -misc_logd_file
+  -network_watchlist_data_file
  -nfc_data_file
  -property_data_file
  -radio_data_file