Add type for directories containing snapshots of apex data.
This adds a new apex_rollback_data_file type for the snapshots (backups) of APEX data directories that can be restored in the event of a rollback. Permission is given for apexd to create files and dirs in those directories and for vold_prepare_subdirs to create the directories. See go/apex-data-directories for details. Bug: 141148175 Test: Built and flashed, checked directory was created with the correct type. Change-Id: I94b448dfc096e5702d3e33ace6f9df69f58340fd
parent
79b4e1af4a
commit
91ce5b9c22
@ -11,6 +11,10 @@ allow apexd metadata_file:dir search;
|
||||
allow apexd apex_metadata_file:dir create_dir_perms;
|
||||
allow apexd apex_metadata_file:file create_file_perms;
|
||||
|
||||
# Allow apexd to create directories for snapshots of apex data
|
||||
allow apexd apex_rollback_data_file:dir create_dir_perms;
|
||||
allow apexd apex_rollback_data_file:file create_file_perms;
|
||||
|
||||
# allow apexd to create loop devices with /dev/loop-control
|
||||
allow apexd loop_control_device:chr_file rw_file_perms;
|
||||
# allow apexd to access loop devices
|
||||
@ -125,3 +129,6 @@ neverallow { domain -apexd } apex_mnt_dir:lnk_file no_w_file_perms;
|
||||
|
||||
neverallow { domain -apexd -init -vold_prepare_subdirs } apex_module_data_file:dir no_w_dir_perms;
|
||||
neverallow { domain -apexd -init -vold_prepare_subdirs } apex_module_data_file:file no_w_file_perms;
|
||||
|
||||
neverallow { domain -apexd -init -vold_prepare_subdirs } apex_rollback_data_file:dir no_w_dir_perms;
|
||||
neverallow { domain -apexd -init -vold_prepare_subdirs } apex_rollback_data_file:file no_w_file_perms;
|
||||
|
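Review bot: The two neverallow rules added at the end of this section deny only write access (`no_w_dir_perms`, `no_w_file_perms`) to apex_rollback_data_file, so nothing shown here stops a later allow rule from granting another domain read access to the snapshots. Because the labelled paths include per-user misc_ce directories and the snapshots are copies of APEX data, it may be worth asserting confidentiality as well, for example `neverallow { domain -apexd -init -vold_prepare_subdirs } apex_rollback_data_file:file no_rw_file_perms;`, provided no existing domain-wide rule on data_file_type trips it. The description names only apexd and vold_prepare_subdirs as writers, so a short comment above the pair saying why init is also exempt would help the next reader.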
@ -6,6 +6,7 @@
|
||||
(typeattributeset new_objects
|
||||
( new_objects
|
||||
apex_module_data_file
|
||||
apex_rollback_data_file
|
||||
app_integrity_service
|
||||
app_search_service
|
||||
auth_service
|
||||
|
@ -496,6 +496,7 @@
|
||||
# Misc data
|
||||
/data/misc/adb(/.*)? u:object_r:adb_keys_file:s0
|
||||
/data/misc/apexdata(/.*)? u:object_r:apex_module_data_file:s0
|
||||
/data/misc/apexrollback(/.*)? u:object_r:apex_rollback_data_file:s0
|
||||
/data/misc/apns(/.*)? u:object_r:radio_data_file:s0
|
||||
/data/misc/audio(/.*)? u:object_r:audio_data_file:s0
|
||||
/data/misc/audioserver(/.*)? u:object_r:audioserver_data_file:s0
|
||||
@ -583,6 +584,10 @@
|
||||
/data/misc_de/[0-9]+/apexdata(/.*)? u:object_r:apex_module_data_file:s0
|
||||
/data/misc_ce/[0-9]+/apexdata(/.*)? u:object_r:apex_module_data_file:s0
|
||||
|
||||
# Apex rollback directories
|
||||
/data/misc_de/[0-9]+/apexrollback(/.*)? u:object_r:apex_rollback_data_file:s0
|
||||
/data/misc_ce/[0-9]+/apexrollback(/.*)? u:object_r:apex_rollback_data_file:s0
|
||||
|
||||
#############################
|
||||
# Expanded data files
|
||||
#
|
||||
|
@ -15,6 +15,7 @@ allow vold_prepare_subdirs {
|
||||
}:dir { open read write add_name remove_name rmdir relabelfrom };
|
||||
allow vold_prepare_subdirs {
|
||||
apex_module_data_file
|
||||
apex_rollback_data_file
|
||||
backup_data_file
|
||||
face_vendor_data_file
|
||||
fingerprint_vendor_data_file
|
||||
@ -25,6 +26,7 @@ allow vold_prepare_subdirs {
|
||||
}:dir { create_dir_perms relabelto };
|
||||
allow vold_prepare_subdirs {
|
||||
apex_module_data_file
|
||||
apex_rollback_data_file
|
||||
backup_data_file
|
||||
face_vendor_data_file
|
||||
fingerprint_vendor_data_file
|
||||
|
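Review bot: The second addition of apex_rollback_data_file goes into an allow block whose class and permission set lie below the hunk, so that grant cannot be checked from the lines shown. The description says vold_prepare_subdirs only has to create the directories, which the first block (`}:dir { create_dir_perms relabelto };`) already covers. If the second block is a file-class rule, please confirm it is needed for snapshot contents, or leave the new type out of that list. Both allow blocks start or end outside their hunks.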
@ -331,6 +331,7 @@ type postinstall_apex_mnt_dir, file_type;
|
||||
# /data/misc subdirectories
|
||||
type adb_keys_file, file_type, data_file_type, core_data_file_type;
|
||||
type apex_module_data_file, file_type, data_file_type, core_data_file_type;
|
||||
type apex_rollback_data_file, file_type, data_file_type, core_data_file_type;
|
||||
type audio_data_file, file_type, data_file_type, core_data_file_type;
|
||||
type audioserver_data_file, file_type, data_file_type, core_data_file_type;
|
||||
type bluetooth_data_file, file_type, data_file_type, core_data_file_type;
|
||||
|