e21496b105
This commit includes two sepolicy changes:

1. change threadnetwork data file to /data/misc/apexdata/com.android.tethering/threadnetwork
2. use apex_tethering_data_file for files under /data/misc/apexdata/com.android.tethering

The background is that the Thread daemon (ot_daemon) is merged into the Tethering mainline module, which means the Tethering module now has code running in both system_server and the standalone unprivileged ot_daemon process.

To prevent ot_daemon from accessing other apex_system_server_data_file dirs, here use the specific apex_tethering_data_file for both Tethering and Thread files (A subdirectory threadnetwork/ will be created for Thread at runtime). This is similar to apex_art_data_file and apex_virt_data_file.

Note that a file_contexts rule like

```
/data/misc/apexdata/com\.android\.tethering/threadnetwork(/.*)? u:object_r:apex_threadnetwork_data_file:s0
```

won't work because the threadnetwork/ subdir doesn't exist before the sepolicy rules are evaluated.

Bug: 309932508
Test: manually verified that Thread settings file can be written to /data/misc/apexdata/com.android.tethering/threadnetwork
Change-Id: I66539865ef388115c8e9b388b43291d8faf1f384

- Android.bp
- plat_file_contexts_test