Create a new SELinux type for /data/nativetest am: e9d261ff am: 6dd7d3cd

am: 8810311a * commit '8810311a': Create a new SELinux type for /data/nativetest

Create a new SELinux type for /data/nativetest am: e9d261ff am: 6dd7d3cd
28d27948 · Nick Kralevich · android-build-merger · 438740a4 · 8810311a · 28d27948
Commit 28d27948 authored 9 years ago by Nick Kralevich Committed by android-build-merger 9 years ago
--- a/domain.te
+++ b/domain.te
@@ -312,6 +312,8 @@ neverallow {
  -apk_data_file
 }:file no_x_file_perms;
+neverallow { domain userdebug_or_eng(`-shell') } nativetest_data_file:file no_x_file_perms;
 # Only the init property service should write to /data/property.
 neverallow { domain -init } property_data_file:dir no_w_dir_perms;
 neverallow { domain -init } property_data_file:file no_w_file_perms;

--- a/file.te
+++ b/file.te
@@ -91,6 +91,8 @@ type property_data_file, file_type, data_file_type;
 type bootchart_data_file, file_type, data_file_type;
 # /data/system/heapdump
 type heapdump_data_file, file_type, data_file_type, mlstrustedobject;
+# /data/nativetest
+type nativetest_data_file, file_type, data_file_type;
 # Mount locations managed by vold
 type mnt_media_rw_file, file_type;

--- a/file_contexts
+++ b/file_contexts
@@ -245,6 +245,7 @@
 /data/local/tmp(/.*)?	u:object_r:shell_data_file:s0
 /data/media(/.*)?	u:object_r:media_rw_data_file:s0
 /data/mediadrm(/.*)?	u:object_r:media_data_file:s0
+/data/nativetest(/.*)?	u:object_r:nativetest_data_file:s0
 /data/property(/.*)?	u:object_r:property_data_file:s0
 # Misc data

--- a/shell.te
+++ b/shell.te
@@ -31,6 +31,12 @@ allow shell shell_data_file:file create_file_perms;
 allow shell shell_data_file:file rx_file_perms;
 allow shell shell_data_file:lnk_file create_file_perms;
+# Read/execute files in /data/nativetest
+userdebug_or_eng(`
+  allow shell nativetest_data_file:dir r_dir_perms;
+  allow shell nativetest_data_file:file rx_file_perms;
+')
 # adb bugreport
 unix_socket_connect(shell, dumpstate, dumpstate)