Merge "Rename qtaguid_proc to conform to name conventions"

private/compat/26.0/26.0.cil

@@ -7,6 +7,7 @@
 (type asan_reboot_prop)
 (type log_device)
 (type mediacasserver_service)
+(type qtaguid_proc)
 (type reboot_data_file)
 (type tracing_shell_writable)
 (type tracing_shell_writable_debug)
@@ -522,7 +523,9 @@
 (typeattributeset pstorefs_26_0 (pstorefs))
 (typeattributeset ptmx_device_26_0 (ptmx_device))
 (typeattributeset qtaguid_device_26_0 (qtaguid_device))
-(typeattributeset qtaguid_proc_26_0 (qtaguid_proc))
+(typeattributeset qtaguid_proc_26_0
+  ( qtaguid_proc
+    proc_qtaguid_ctrl))
 (typeattributeset racoon_26_0 (racoon))
 (typeattributeset racoon_exec_26_0 (racoon_exec))
 (typeattributeset racoon_socket_26_0 (racoon_socket))

private/compat/27.0/27.0.cil

 ;; types removed from current policy
-(type webview_zygote_socket)
+(type qtaguid_proc)
 (type reboot_data_file)
 (type rild)
+(type webview_zygote_socket)
 
 (expandtypeattribute (accessibility_service_27_0) true)
 (expandtypeattribute (account_service_27_0) true)
@@ -1236,7 +1237,9 @@
 (typeattributeset property_socket_27_0 (property_socket))
 (typeattributeset pstorefs_27_0 (pstorefs))
 (typeattributeset ptmx_device_27_0 (ptmx_device))
-(typeattributeset qtaguid_device_27_0 (qtaguid_device))
+(typeattributeset qtaguid_device_27_0
+  ( qtaguid_proc
+    proc_qtaguid_ctrl))
 (typeattributeset qtaguid_proc_27_0 (qtaguid_proc))
 (typeattributeset racoon_27_0 (racoon))
 (typeattributeset racoon_exec_27_0 (racoon_exec))

private/genfs_contexts

@@ -17,7 +17,7 @@ genfscon proc /misc u:object_r:proc_misc:s0
 genfscon proc /modules u:object_r:proc_modules:s0
 genfscon proc /mounts u:object_r:proc_mounts:s0
 genfscon proc /net u:object_r:proc_net:s0
-genfscon proc /net/xt_qtaguid/ctrl u:object_r:qtaguid_proc:s0
+genfscon proc /net/xt_qtaguid/ctrl u:object_r:proc_qtaguid_ctrl:s0
 genfscon proc /net/xt_qtaguid/ u:object_r:proc_qtaguid_stat:s0
 genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
 genfscon proc /pagetypeinfo u:object_r:proc_pagetypeinfo:s0

public/app.te

@@ -178,7 +178,7 @@ allow {
     system_app
     platform_app
     shell
-} qtaguid_proc:file rw_file_perms;
+} proc_qtaguid_ctrl:file rw_file_perms;
 r_dir_file({ appdomain -ephemeral_app -isolated_app }, proc_net)
 # read /proc/net/xt_qtguid/*stat* to per-app network data usage.
 # Exclude isolated app which may not use network sockets.

public/dumpstate.te

@@ -92,7 +92,6 @@ allow dumpstate {
 }:file r_file_perms;
 
 # Other random bits of data we want to collect
-allow dumpstate qtaguid_proc:file r_file_perms;
 allow dumpstate debugfs:file r_file_perms;
 
 # df for
@@ -164,6 +163,7 @@ allow dumpstate {
   proc_net
   proc_pipe_conf
   proc_pagetypeinfo
+  proc_qtaguid_ctrl
   proc_qtaguid_stat
   proc_version
   proc_vmallocinfo

public/file.te

@@ -12,7 +12,7 @@ type proc_min_free_order_shift, fs_type, proc_type;
 # proc, sysfs, or other nodes that permit configuration of kernel usermodehelpers.
 type usermodehelper, fs_type, proc_type;
 type sysfs_usermodehelper, fs_type, sysfs_type;
-type qtaguid_proc, fs_type, mlstrustedobject, proc_type;
+type proc_qtaguid_ctrl, fs_type, mlstrustedobject, proc_type;
 type proc_qtaguid_stat, fs_type, mlstrustedobject, proc_type;
 type proc_bluetooth_writable, fs_type, proc_type;
 type proc_abi, fs_type, proc_type;

public/netd.te

@@ -34,10 +34,10 @@ allow netd devpts:chr_file rw_file_perms;
 # Acquire advisory lock on /system/etc/xtables.lock
 allow netd system_file:file lock;
 
-# Allow netd to write to qtaguid ctrl file. This is the same privilege level that normal apps have
-# TODO: Add proper rules to prevent other process to access qtaguid_proc file after migration
-#       complete
-allow netd qtaguid_proc:file rw_file_perms;
+# Allow netd to write to qtaguid ctrl file.
+# TODO: Add proper rules to prevent other process to access qtaguid_proc file
+# after migration complete
+allow netd proc_qtaguid_ctrl:file rw_file_perms;
 # Allow netd to read /dev/qtaguid. This is the same privilege level that normal apps have.
 allow netd qtaguid_device:chr_file r_file_perms;