From 1c8464e1365950538e9e4647a4f220910f79ab1e Mon Sep 17 00:00:00 2001
From: rpcraig <rpcraig@tycho.ncsc.mil>
Date: Tue, 4 Dec 2012 08:13:58 -0500
Subject: [PATCH] App data backup security policy.

Policy covers:

 * backup_data_file type for labeling all
   files/dirs under /data dealing with
   backup mechanism.

 * cache_backup_file type for labeling all
   files/dirs under /cache dealing with
   backup mechanism. This also covers the
   use of LocalTransport for local archive
   and restore testing.

 * the use of 'adb shell bmgr' to initiate
   backup mechanism from shell.

 * the use of 'adb backup/restore' to archive
   and restore the device's data.

Change-Id: I700a92d8addb9bb91474bc07ca4bb71eb4fc840e
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
---
 app.te        |  7 +++++++
 file.te       |  5 +++++
 file_contexts |  6 ++++++
 system.te     | 13 +++++++++++--
 4 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/app.te b/app.te
index b3cd7ccfb..7cd8c5a2b 100644
--- a/app.te
+++ b/app.te
@@ -201,3 +201,10 @@ r_dir_file(appdomain, isolated_app)
 # are examined.
 allow appdomain isolated_app:unix_stream_socket { read write };
 allow isolated_app appdomain:unix_stream_socket { read write };
+
+# Backup ability for every app. BMS opens and passes the fd
+# to any app that has backup ability. Hence, no open permissions here.
+allow { appdomain isolated_app } backup_data_file:file { read write };
+allow { appdomain isolated_app } cache_backup_file:file { read write };
+# Backup ability using 'adb backup'
+allow { appdomain isolated_app } system_data_file:lnk_file getattr;
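Review bot: The last rule grants every app, including isolated_app, `getattr` on all `system_data_file` symlinks, but its comment names only the feature ('adb backup') and not the symlink that needs it, so a reader cannot tell whether the type-wide grant is intended. Record the path that motivated it, e.g. `# 'adb backup' stats a symlink under /data (name it here) on the archive path`, so a later tightening to a specific type stays possible. The two read/write rules above also include isolated_app; if isolated processes are not expected to host a BackupAgent, that half of the grant is presumably unneeded and can be dropped, though the fd-passing model the comment describes does limit exposure to descriptors the system hands over.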
diff --git a/file.te b/file.te
index 64c8de6b2..4dbf1c895 100644
--- a/file.te
+++ b/file.te
@@ -55,6 +55,9 @@ type app_data_file, file_type, data_file_type;
 type platform_app_data_file, file_type, data_file_type, mlstrustedobject;
 # Default type for anything under /cache
 type cache_file, file_type, mlstrustedobject;
+# Type for /cache/.*\.{data|restore} and default
+# type for anything under /cache/backup
+type cache_backup_file, file_type, mlstrustedobject;
 # Default type for anything under /efs
 type efs_file, file_type;
 # Type for wallpaper file.
@@ -63,6 +66,8 @@ type wallpaper_file, file_type, mlstrustedobject;
 type asec_apk_file, file_type, data_file_type;
 # /data/app-asec
 type asec_image_file, file_type, data_file_type;
+# /data/backup and /data/secure/backup
+type backup_data_file, file_type, data_file_type, mlstrustedobject;
 
 # All devices have bluetooth efs files. But they
 # vary per device, so this type is used in per
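Review bot: `backup_data_file` carries `mlstrustedobject` with no comment saying why, unlike the neighbouring `asec_*` types which do not; the attribute exempts the type from the MLS constraints, so the reason belongs next to the declaration. Presumably it is needed because app.te lets the system pass open fds on these files to apps running at other MLS levels — a line such as `# mlstrustedobject: BMS hands fds on these files to apps at other MLS levels` would make the widening deliberate rather than accidental; confirm that is the actual reason before adding it.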
diff --git a/file_contexts b/file_contexts
index 837ee1daa..b2d253ab9 100644
--- a/file_contexts
+++ b/file_contexts
@@ -140,6 +140,8 @@
 # Data files
 #
 /data(/.*)?		u:object_r:system_data_file:s0
+/data/backup(/.*)?		u:object_r:backup_data_file:s0
+/data/secure/backup(/.*)?	u:object_r:backup_data_file:s0
 /data/drm(/.*)?		u:object_r:drm_data_file:s0
 /data/gps(/.*)?		u:object_r:gps_data_file:s0
 /data/dalvik-cache(/.*)? u:object_r:dalvikcache_data_file:s0
@@ -170,6 +172,10 @@
 # Cache files
 #
 /cache(/.*)?		u:object_r:cache_file:s0
+/cache/.*\.data	u:object_r:cache_backup_file:s0
+/cache/.*\.restore	u:object_r:cache_backup_file:s0
+# LocalTransport (backup) uses this directory
+/cache/backup(/.*)?	u:object_r:cache_backup_file:s0
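Review bot: The `/cache/.*\.data` and `/cache/.*\.restore` patterns are broader than the comment in file.te suggests: `.*` crosses directory boundaries, so any file at any depth under /cache whose name ends in `.data` or `.restore` is relabeled `cache_backup_file`, not just the backup staging files. If BackupManagerService writes these directly in /cache, restricting each pattern to one path component, `/cache/[^/]*\.data` and `/cache/[^/]*\.restore`, keeps unrelated cache files out of the backup type; confirm the actual paths before tightening. These labels only take effect if the creating domain calls restorecon after creation, which is what the relabel rules in system.te appear to support.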
 #############################
 # sysfs files
 #
diff --git a/system.te b/system.te
index 85b43470d..3ede14a2c 100644
--- a/system.te
+++ b/system.te
@@ -189,8 +189,8 @@ type_transition system wifi_data_file:sock_file system_wpa_socket;
 allow system system_wpa_socket:sock_file create_file_perms;
 
 # Manage cache files.
-allow system cache_file:dir create_dir_perms;
-allow system cache_file:file create_file_perms;
+allow system cache_file:dir { relabelfrom create_dir_perms };
+allow system cache_file:file { relabelfrom create_file_perms };
 
 # Run system programs, e.g. dexopt.
 allow system system_file:file x_file_perms;
@@ -212,3 +212,12 @@ allow system rild:unix_stream_socket connectto;
 
 # connect to vpn tunnel
 allow system mtp:unix_stream_socket { connectto };
+
+# BackupManagerService lets PMS create a data backup file
+allow system cache_backup_file:file create_file_perms;
+# Relabel /data/backup
+allow system backup_data_file:dir { relabelto relabelfrom };
+# Relabel /cache/.*\.{data|restore}
+allow system cache_backup_file:file { relabelto relabelfrom };
+# LocalTransport creates and relabels /cache/backup
+allow system cache_backup_file:dir { relabelto relabelfrom create_dir_perms };
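Review bot: The relabel-only rules mean the backup files and directories are first created under `cache_file` / `system_data_file` and only later moved to the backup types, so there is a window in which they carry the generic label and the generic rules apply; the comments should state that the creating code calls restorecon immediately, e.g. `# created as cache_file, relabeled by restorecon right after creation`. The `backup_data_file:dir` rule grants only relabel permissions while app.te gives apps `read write` on `backup_data_file:file` via fds the system opens, so the system's own open/create access to those files is presumably covered by an attribute rule on `data_file_type` elsewhere in system.te; a comment pointing to it would save the next reader the search. Relabeling /data/backup also requires `relabelfrom` on `system_data_file:dir`, which this hunk does not add and so must already exist outside the diff.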
-- 
GitLab