From ff3b957e6373f06d038599ae5afc0ad9b4337bce Mon Sep 17 00:00:00 2001
From: Ricky Wai
Date: Thu, 14 Dec 2017 09:56:32 +0000
Subject: [PATCH] Add Network Watchlist data file selinux policy(Used in ConfigUpdater)
Bug: 63908748
Test: Able to boot
Change-Id: I14d8856d7aac7be9d1f26ecf5bfff69ea5ee9607
---
 private/compat/26.0/26.0.ignore.cil | 1 +
 private/file_contexts | 1 +
 private/system_server.te | 4 ++++
 public/file.te | 1 +
 public/vendor_init.te | 5 +++++
 5 files changed, 12 insertions(+)
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index e359935de..50d4ee7be 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -25,6 +25,7 @@
 lowpan_service
 mediaprovider_tmpfs
 netd_stable_secret_prop
+ network_watchlist_data_file
 network_watchlist_service
 package_native_service
 perfprofd_service
diff --git a/private/file_contexts b/private/file_contexts
index 7d1457ae7..992bdc349 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -384,6 +384,7 @@
 /data/misc/logd(/.*)? u:object_r:misc_logd_file:s0
 /data/misc/media(/.*)? u:object_r:media_data_file:s0
 /data/misc/net(/.*)? u:object_r:net_data_file:s0
+/data/misc/network_watchlist(/.*)? u:object_r:network_watchlist_data_file:s0
 /data/misc/recovery(/.*)? u:object_r:recovery_data_file:s0
 /data/misc/shared_relro(/.*)? u:object_r:shared_relro_file:s0
 /data/misc/sms(/.*)? u:object_r:radio_data_file:s0
diff --git a/private/system_server.te b/private/system_server.te
index 6fb6142bf..eff8e8f31 100644
--- a/private/system_server.te
+++ b/private/system_server.te
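Review bot: The new `/data/misc/network_watchlist(/.*)?` entry in private/file_contexts only takes effect when the path is created or relabelled against it, and none of the five files in this patch creates the directory. If system_server were to create it at runtime under /data/misc without a type transition or restorecon, the directory would presumably keep the parent's label and the new `network_watchlist_data_file` rules would never match. The commit message should name the companion change that creates the directory (for example an init.rc `mkdir`), so the labelling can be reviewed together with this policy.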
@@ -381,6 +381,10 @@ allow system_server heapdump_data_file:file create_file_perms;
 allow system_server adb_keys_file:dir create_dir_perms;
 allow system_server adb_keys_file:file create_file_perms;
+# Manage /data/misc/network_watchlist
+allow system_server network_watchlist_data_file:dir create_dir_perms;
+allow system_server network_watchlist_data_file:file create_file_perms;
+
 # Manage /data/misc/sms.
 # TODO: Split into a separate type?
 allow system_server radio_data_file:dir create_dir_perms;
diff --git a/public/file.te b/public/file.te
index 81bb1f1e1..e3ffa34e5 100644
--- a/public/file.te
+++ b/public/file.te
@@ -234,6 +234,7 @@ type media_data_file, file_type, data_file_type, core_data_file_type;
 type media_rw_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
 type misc_user_data_file, file_type, data_file_type, core_data_file_type;
 type net_data_file, file_type, data_file_type, core_data_file_type;
+type network_watchlist_data_file, file_type, data_file_type, core_data_file_type;
 type nfc_data_file, file_type, data_file_type, core_data_file_type;
 type radio_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
 type recovery_data_file, file_type, data_file_type, core_data_file_type;
diff --git a/public/vendor_init.te b/public/vendor_init.te
index ace58abe7..9aaa53846 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -40,6 +40,7 @@ allow vendor_init {
 -incident_data_file
 -keystore_data_file
 -misc_logd_file
+ -network_watchlist_data_file
 -nfc_data_file
 -property_data_file
 -radio_data_file
@@ -62,6 +63,7 @@ allow vendor_init {
 -incident_data_file
 -keystore_data_file
 -misc_logd_file
+ -network_watchlist_data_file
 -nfc_data_file
 -property_data_file
 -radio_data_file
@@ -85,6 +87,7 @@ allow vendor_init {
 -incident_data_file
 -keystore_data_file
 -misc_logd_file
+ -network_watchlist_data_file
 -nfc_data_file
 -property_data_file
 -radio_data_file
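Review bot: The added rule in private/system_server.te grants `create_dir_perms` on `network_watchlist_data_file:dir`, which is broader than system_server needs if the directory itself is created at boot rather than by system_server. In that case `allow system_server network_watchlist_data_file:dir rw_dir_perms;` together with the existing `create_file_perms` on files would be enough. Because this file appears to drive what the watchlist flags, it is also worth pinning the writer set with a neverallow such as `neverallow { domain -system_server -init } network_watchlist_data_file:file no_w_file_perms;`. The exclusion set in that rule is a guess and has to be checked against the domains that hold broad data-file rules.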
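Review bot: The `-network_watchlist_data_file` exclusion is added by hand to five separate `allow vendor_init { ... }` sets in public/vendor_init.te (the hunks at new lines 40, 63, 87, 110 and 133), so keeping vendor_init away from this type depends on no set being missed now or when the next type is added. Each hunk starts inside its rule and shows neither the object class nor the permissions, so it cannot be confirmed from here that these five are all the rules that carry this exclusion list. Grouping the excluded types under one attribute and subtracting that attribute in each rule would leave a single list to maintain. Failing that, a comment above the first set would help, for example `# Keep the exclusion lists in the vendor_init rules below identical.`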
@@ -107,6 +110,7 @@ allow vendor_init {
 -incident_data_file
 -keystore_data_file
 -misc_logd_file
+ -network_watchlist_data_file
 -nfc_data_file
 -property_data_file
 -radio_data_file
@@ -129,6 +133,7 @@ allow vendor_init {
 -incident_data_file
 -keystore_data_file
 -misc_logd_file
+ -network_watchlist_data_file
 -nfc_data_file
 -property_data_file
 -radio_data_file