8510d31ed3
Use more general type names for the contents of /data/misc/camera and /data/misc/audio. These were the names used in our policy until 4.3 was released, at which point we switched to be consistent with AOSP. However, the Galaxy S4 4.2.2 image, Galaxy S4 4.3 image, and Galaxy Note 3 4.3 image all shipped with policies using _data_file names because they were based on our older policy. So we may as well switch AOSP to these names. Not sure if in fact these could be all coalesced to the new media_data_file type for /data/misc/media introduced by Ic374488f8b62bd4f8b3c90f30da0e8d1ed1a7343. Options to fix already existing devices, which would only apply to Nexus devices with 4.3 or 4.4 at this point: 1) Add restorecon_recursive /data/misc/audio /data/misc/camera to either the system/core init.rc or to the device-specific init.*.rc files. -or- 2) Add a typealias declaration in the policy to remap the old type names. to the new ones. Then existing types on persistent storage will be remapped internally to the new ones. -or- 3) Some sort of relabeld. Option #2 is implemented by this change. Change-Id: Id36203f5bb66b5200efc1205630b5b260ef97496 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
122 lines
4.6 KiB
Text
122 lines
4.6 KiB
Text
# Filesystem types
|
|
type labeledfs, fs_type;
|
|
type pipefs, fs_type;
|
|
type sockfs, fs_type;
|
|
type rootfs, fs_type;
|
|
type proc, fs_type;
|
|
type qtaguid_proc, fs_type, mlstrustedobject;
|
|
type proc_bluetooth_writable, fs_type;
|
|
type selinuxfs, fs_type;
|
|
type cgroup, fs_type, mlstrustedobject;
|
|
type sysfs, fs_type, mlstrustedobject;
|
|
type sysfs_writable, fs_type, sysfs_type, mlstrustedobject;
|
|
type sysfs_bluetooth_writable, fs_type, sysfs_type, mlstrustedobject;
|
|
type sysfs_nfc_power_writable, fs_type, sysfs_type, mlstrustedobject;
|
|
type sysfs_wake_lock, fs_type, sysfs_type;
|
|
# /sys/devices/system/cpu
|
|
type sysfs_devices_system_cpu, fs_type, sysfs_type;
|
|
type inotify, fs_type, mlstrustedobject;
|
|
type devpts, fs_type, mlstrustedobject;
|
|
type tmpfs, fs_type;
|
|
type shm, fs_type;
|
|
type mqueue, fs_type;
|
|
type sdcard_internal, sdcard_type, fs_type, mlstrustedobject;
|
|
type sdcard_external, sdcard_type, fs_type, mlstrustedobject;
|
|
type debugfs, fs_type, mlstrustedobject;
|
|
|
|
# File types
|
|
type unlabeled, file_type;
|
|
# Default type for anything under /system.
|
|
type system_file, file_type;
|
|
# Default type for anything under /data.
|
|
type system_data_file, file_type, data_file_type;
|
|
# /data/drm - DRM plugin data
|
|
type drm_data_file, file_type, data_file_type;
|
|
# /data/anr - ANR traces
|
|
type anr_data_file, file_type, data_file_type, mlstrustedobject;
|
|
# /data/tombstones - core dumps
|
|
type tombstone_data_file, file_type, data_file_type;
|
|
# /data/app - user-installed apps
|
|
type apk_data_file, file_type, data_file_type;
|
|
type apk_tmp_file, file_type, data_file_type, mlstrustedobject;
|
|
# /data/app-private - forward-locked apps
|
|
type apk_private_data_file, file_type, data_file_type;
|
|
type apk_private_tmp_file, file_type, data_file_type, mlstrustedobject;
|
|
# /data/dalvik-cache
|
|
type dalvikcache_data_file, file_type, data_file_type;
|
|
# /data/local - writable by shell
|
|
type shell_data_file, file_type, data_file_type;
|
|
# /data/gps
|
|
type gps_data_file, file_type, data_file_type;
|
|
# /data/misc subdirectories
|
|
type audio_data_file, file_type, data_file_type;
|
|
type bluetooth_data_file, file_type, data_file_type;
|
|
type media_data_file, file_type, data_file_type;
|
|
type keystore_data_file, file_type, data_file_type;
|
|
type vpn_data_file, file_type, data_file_type;
|
|
type systemkeys_data_file, file_type, data_file_type;
|
|
type wifi_data_file, file_type, data_file_type;
|
|
type radio_data_file, file_type, data_file_type;
|
|
type nfc_data_file, file_type, data_file_type;
|
|
type camera_data_file, file_type, data_file_type;
|
|
type adb_keys_file, file_type, data_file_type;
|
|
# Compatibility with type names used in vanilla Android 4.3 and 4.4.
|
|
typealias audio_data_file alias audio_firmware_file;
|
|
typealias camera_data_file alias camera_calibration_file;
|
|
# /data/data subdirectories - app sandboxes
|
|
type app_data_file, file_type, data_file_type;
|
|
type platform_app_data_file, file_type, data_file_type, mlstrustedobject;
|
|
# Default type for anything under /cache
|
|
type cache_file, file_type, mlstrustedobject;
|
|
# Type for /cache/.*\.{data|restore} and default
|
|
# type for anything under /cache/backup
|
|
type cache_backup_file, file_type, mlstrustedobject;
|
|
# Default type for anything under /efs
|
|
type efs_file, file_type;
|
|
# Type for wallpaper file.
|
|
type wallpaper_file, file_type, mlstrustedobject;
|
|
# /mnt/asec
|
|
type asec_apk_file, file_type, data_file_type;
|
|
# /data/app-asec
|
|
type asec_image_file, file_type, data_file_type;
|
|
# /data/backup and /data/secure/backup
|
|
type backup_data_file, file_type, data_file_type, mlstrustedobject;
|
|
# For /data/security
|
|
type security_file, file_type;
|
|
# All devices have bluetooth efs files. But they
|
|
# vary per device, so this type is used in per
|
|
# device policy
|
|
type bluetooth_efs_file, file_type;
|
|
# Downloaded files
|
|
type download_file, file_type;
|
|
|
|
# Socket types
|
|
type adbd_socket, file_type;
|
|
type bluetooth_socket, file_type;
|
|
type dnsproxyd_socket, file_type, mlstrustedobject;
|
|
type gps_socket, file_type;
|
|
type installd_socket, file_type;
|
|
type keystore_socket, file_type;
|
|
type mdns_socket, file_type;
|
|
type netd_socket, file_type;
|
|
type property_socket, file_type;
|
|
type qemud_socket, file_type;
|
|
type racoon_socket, file_type;
|
|
type rild_socket, file_type;
|
|
type rild_debug_socket, file_type;
|
|
type system_wpa_socket, file_type;
|
|
type system_ndebug_socket, file_type;
|
|
type vold_socket, file_type;
|
|
type wpa_socket, file_type;
|
|
type zygote_socket, file_type;
|
|
|
|
# UART (for GPS) control proc file
|
|
type gps_control, file_type;
|
|
|
|
# Allow files to be created in their appropriate filesystems.
|
|
allow fs_type self:filesystem associate;
|
|
allow sysfs_type sysfs:filesystem associate;
|
|
allow file_type labeledfs:filesystem associate;
|
|
allow file_type tmpfs:filesystem associate;
|
|
allow file_type rootfs:filesystem associate;
|
|
allow dev_type tmpfs:filesystem associate;
|