am 8bb30801: Add new domains for private apps.

* commit '8bb30801': Add new domains for private apps.

am 8bb30801: Add new domains for private apps.
0ebd1280 · Robert Craig · Android Git Automerger · d998ffe6 · 8bb30801 · 0ebd1280
Commit 0ebd1280 authored 12 years ago by Robert Craig Committed by Android Git Automerger 12 years ago
--- a/app.te
+++ b/app.te
@@ -20,8 +20,10 @@ allow platform_app cache_file:file create_file_perms;
 allow platform_app shell_data_file:dir search;
 allow platform_app shell_data_file:file { open getattr read };
 allow platform_app shell_data_file:lnk_file read;
-# Populate /data/app/vmdl*.tmp file created by system server.
-allow platform_app apk_tmp_file:file rw_file_perms;
+# Populate /data/app/vmdl*.tmp, /data/app-private/vmdl*.tmp files
+# created by system server.
+allow platform_app { apk_tmp_file apk_private_tmp_file }:file rw_file_perms;
+allow platform_app apk_private_data_file:dir search;
 # ASEC
 allow platform_app asec_apk_file:dir create_dir_perms;
 allow platform_app asec_apk_file:file create_file_perms;

--- a/file.te
+++ b/file.te
@@ -36,6 +36,9 @@ type tombstone_data_file, file_type, data_file_type;
 # /data/app - user-installed apps
 type apk_data_file, file_type, data_file_type;
 type apk_tmp_file, file_type, data_file_type, mlstrustedobject;
+# /data/app-private - forward-locked apps
+type apk_private_data_file, file_type, data_file_type;
+type apk_private_tmp_file, file_type, data_file_type, mlstrustedobject;
 # /data/dalvik-cache
 type dalvikcache_data_file, file_type, data_file_type;
 # /data/local - writable by shell

--- a/file_contexts
+++ b/file_contexts
@@ -165,6 +165,8 @@
 /data/anr(/.*)?		u:object_r:anr_data_file:s0
 /data/app(/.*)?		u:object_r:apk_data_file:s0
 /data/app/vmdl.*\.tmp	u:object_r:apk_tmp_file:s0
+/data/app-private(/.*)?		u:object_r:apk_private_data_file:s0
+/data/app-private/vmdl.*\.tmp	u:object_r:apk_private_tmp_file:s0
 /data/tombstones(/.*)?	u:object_r:tombstone_data_file:s0
 /data/local/tmp(/.*)?	u:object_r:shell_data_file:s0
 # Misc data

--- a/system.te
+++ b/system.te
@@ -152,8 +152,8 @@ allow system data_file_type:notdevfile_class_set create_file_perms;
 allow system rootfs:file r_file_perms;

 # Relabel apk files.
-allow system apk_tmp_file:file { relabelfrom relabelto };
-allow system apk_data_file:file { relabelfrom relabelto };
+allow system { apk_tmp_file apk_private_tmp_file }:file { relabelfrom relabelto };
+allow system { apk_data_file apk_private_data_file }:file { relabelfrom relabelto };

 # Relabel wallpaper.
 allow system system_data_file:file relabelfrom;