7aa40413ae
user_profile_data_file is mlstrustedobject. And it needs to be, because we want untrusted apps to be able to write to their profile files, but they do not have levels. But now we want to apply levels in the parent directories that have the same label, and we want them to work so they need to not be MLS-exempt. To resolve that we introduce a new label, user_profile_root_file, which is applied to those directories (but no files). We grant mostly the same access to the new label as directories with the existing label. Apart from appdomain, almost every domain which accesses user_profile_data_file, and now user_profile_root_file, is already mlstrustedsubject and so can't be affected by this change. The exception is postinstall_dexopt which we now make mlstrustedobject. Bug: 141677108 Bug: 175311045 Test: Manual: flash with wipe Test: Manual: flash on top of older version Test: Manual: install & uninstall apps Test: Manual: create & remove user Test: Presubmits. Change-Id: I4e0def3d513b129d6c292f7edb076db341b4a2b3
# Private policy for vold_prepare_subdirs, the helper that vold runs to
# create, relabel and remove per-user data directories.

# vold enters this domain automatically when it executes
# vold_prepare_subdirs_exec.
domain_auto_trans(vold, vold_prepare_subdirs_exec, vold_prepare_subdirs)

# MLS-trusted subject: MLS level constraints do not restrict this domain, so
# the type-enforcement rules below are what bounds its reach. Keep every
# grant in this file as narrow as the helper actually needs.
typeattribute vold_prepare_subdirs mlstrustedsubject;

# Helper programs run inside this domain: execute_no_trans means no domain
# transition happens, so anything executed from system_file inherits all of
# the access granted here.
allow vold_prepare_subdirs system_file:file execute_no_trans;
allow vold_prepare_subdirs { shell_exec toolbox_exec }:file rx_file_perms;

# Terminal device plus the descriptors and pipes handed over by vold.
# NOTE(review): presumably used to relay command output back to vold - confirm.
allow vold_prepare_subdirs devpts:chr_file rw_file_perms;
allow vold_prepare_subdirs vold:fd use;
allow vold_prepare_subdirs vold:fifo_file { read write };

# Read access to the file_contexts data.
# NOTE(review): presumably to look up the label for each directory it
# creates - confirm against the helper's source.
allow vold_prepare_subdirs file_contexts_file:file r_file_perms;

# DAC-bypassing capabilities (ownership changes and permission-bit override).
# With these held, the SELinux rules in this file are the effective limit on
# which objects the helper can modify.
allow vold_prepare_subdirs self:global_capability_class_set {
    chown
    dac_override
    dac_read_search
    fowner
};

# Lets the process choose the security context given to objects it creates.
allow vold_prepare_subdirs self:process setfscreate;

# Parent directories: list them, add and remove entries, and relabel
# children away from these generic labels.
allow vold_prepare_subdirs { system_data_file vendor_data_file }:dir {
    open read write add_name remove_name rmdir relabelfrom
};

# Per-user subdirectories managed by the helper: full directory lifecycle,
# plus relabelto so a directory can be moved to its specific label.
allow vold_prepare_subdirs {
    apex_module_data_file
    apex_permission_data_file
    apex_rollback_data_file
    apex_wifi_data_file
    backup_data_file
    face_vendor_data_file
    fingerprint_vendor_data_file
    iris_vendor_data_file
    rollback_data_file
    storaged_data_file
    system_data_file
    vold_data_file
}:dir { create_dir_perms relabelto };

# Files inside those directories may only be stat'ed and unlinked; no
# read or write of file contents is granted.
allow vold_prepare_subdirs {
    apex_module_data_file
    apex_permission_data_file
    apex_rollback_data_file
    apex_wifi_data_file
    backup_data_file
    face_vendor_data_file
    fingerprint_vendor_data_file
    iris_vendor_data_file
    rollback_data_file
    storaged_data_file
    system_data_file
    vold_data_file
}:file { getattr unlink };

# Directory traversal needed to reach the managed locations.
allow vold_prepare_subdirs apex_mnt_dir:dir { open read };
allow vold_prepare_subdirs mnt_expand_file:dir search;

# Profile directories: user_profile_data_file may only be relabelled away
# from, while user_profile_root_file may be both source and target.
# NOTE(review): this asymmetry looks like it exists so directories created
# under the old label can be moved to user_profile_root_file on upgrade, as
# the commit description suggests - confirm.
allow vold_prepare_subdirs user_profile_data_file:dir { search getattr relabelfrom };
allow vold_prepare_subdirs user_profile_root_file:dir { search getattr relabelfrom relabelto };

# /data/misc is unlabeled during early boot.
allow vold_prepare_subdirs unlabeled:dir search;

# Grants nothing: only silences audit records for denied reads of proc and
# unlabeled files. These denials will therefore not appear in the audit log.
dontaudit vold_prepare_subdirs { proc unlabeled }:file r_file_perms;