Add rules for multi-user backup/restore
The backup system service will move its storage location to per-user CE
directories to support multiple users. Add additional iterations on the
existing rules to support the new location.

/data/backup -> /data/system_ce/[user id]/backup
Previously covered by rule backup_data_file

/cache/backup -> /data/system_ce/[user id]/backup_stage
Previously covered by rule cache_backup_file

Also add support for vold to create and perform restorecon on the new
locations.

Example denials and detailed proposal in the doc on the linked bug.

Bug: 121197420
Test: 1) Boot device; check dirs created with correct label; run backup
successfully on system user
2) Create secondary user; check dirs created with correct label; run backup
successfully
Change-Id: I47faa69cd2a6ac55fb762edbf366a86d3b06ca77
parent 9e332a59b2
commit 4c3d11c018
@ -557,6 +557,11 @@
|
||||
# iorapd per-user data
|
||||
/data/misc_ce/[0-9]+/iorapd(/.*)? u:object_r:iorapd_data_file:s0
|
||||
|
||||
# Backup service persistent per-user bookkeeping
|
||||
/data/system_ce/[0-9]+/backup(/.*)? u:object_r:backup_data_file:s0
|
||||
# Backup service temporary per-user data for inter-change with apps
|
||||
/data/system_ce/[0-9]+/backup_stage(/.*)? u:object_r:backup_data_file:s0
|
||||
|
||||
#############################
|
||||
# efs files
|
||||
#
|
||||
|
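Review bot: both new entries, `/data/system_ce/[0-9]+/backup(/.*)?` and `/data/system_ce/[0-9]+/backup_stage(/.*)?`, are labeled `backup_data_file`, although the commit message says the staging location was previously covered by `cache_backup_file`. With one type for both, any domain allowed to touch the staging data exchanged with apps gets the same access to the persistent bookkeeping directory. Consider a dedicated type for `backup_stage`, or extend the comment above that entry to say why the merged label is intended.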
@ -14,6 +14,7 @@ allow vold_prepare_subdirs {
|
||||
vendor_data_file
|
||||
}:dir { open read write add_name remove_name rmdir relabelfrom };
|
||||
allow vold_prepare_subdirs {
|
||||
backup_data_file
|
||||
face_vendor_data_file
|
||||
fingerprint_vendor_data_file
|
||||
iris_vendor_data_file
|
||||
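Review bot: the `backup_data_file` entry in this `allow vold_prepare_subdirs` list is a grant on the type, not on the new path, so it also applies to the legacy `/data/backup` tree that the commit message says carries the same label. If vold_prepare_subdirs only needs the per-user directories under `/data/system_ce`, say so in a comment next to the entry, or confirm that access to the legacy location is acceptable while both exist.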
@ -22,6 +23,7 @@ allow vold_prepare_subdirs {
|
||||
vold_data_file
|
||||
}:dir { create_dir_perms relabelto };
|
||||
allow vold_prepare_subdirs {
|
||||
backup_data_file
|
||||
face_vendor_data_file
|
||||
fingerprint_vendor_data_file
|
||||
iris_vendor_data_file
|
||||
|
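Review bot: the permission set that closes this second `allow vold_prepare_subdirs` block lies past the end of the hunk's context, so the effect of adding `backup_data_file` to it cannot be read from the diff. The commit message only mentions create and restorecon; please state which class and permissions this list grants and confirm they are limited to what those two operations need.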