Create a new SELinux type for /data/nativetest

am: e9d261ff * commit 'e9d261ff': Create a new SELinux type for /data/nativetest

Create a new SELinux type for /data/nativetest
6dd7d3cd · Nick Kralevich · android-build-merger · 984b0030 · e9d261ff · 6dd7d3cd
Commit 6dd7d3cd authored 9 years ago by Nick Kralevich Committed by android-build-merger 9 years ago
--- a/domain.te
+++ b/domain.te
@@ -313,6 +313,8 @@ neverallow {
  -apk_data_file
 }:file no_x_file_perms;

+neverallow { domain userdebug_or_eng(`-shell') } nativetest_data_file:file no_x_file_perms;
+
 # Only the init property service should write to /data/property.
 neverallow { domain -init } property_data_file:dir no_w_dir_perms;
 neverallow { domain -init } property_data_file:file no_w_file_perms;

--- a/file.te
+++ b/file.te
@@ -91,6 +91,8 @@ type property_data_file, file_type, data_file_type;
 type bootchart_data_file, file_type, data_file_type;
 # /data/system/heapdump
 type heapdump_data_file, file_type, data_file_type, mlstrustedobject;
+# /data/nativetest
+type nativetest_data_file, file_type, data_file_type;

 # Mount locations managed by vold
 type mnt_media_rw_file, file_type;

--- a/file_contexts
+++ b/file_contexts
@@ -244,6 +244,7 @@
 /data/local/tmp(/.*)?	u:object_r:shell_data_file:s0
 /data/media(/.*)?	u:object_r:media_rw_data_file:s0
 /data/mediadrm(/.*)?	u:object_r:media_data_file:s0
+/data/nativetest(/.*)?	u:object_r:nativetest_data_file:s0
 /data/property(/.*)?	u:object_r:property_data_file:s0

 # Misc data

--- a/shell.te
+++ b/shell.te
@@ -31,6 +31,12 @@ allow shell shell_data_file:file create_file_perms;
 allow shell shell_data_file:file rx_file_perms;
 allow shell shell_data_file:lnk_file create_file_perms;

+# Read/execute files in /data/nativetest
+userdebug_or_eng(`
+  allow shell nativetest_data_file:dir r_dir_perms;
+  allow shell nativetest_data_file:file rx_file_perms;
+')
+
 # adb bugreport
 unix_socket_connect(shell, dumpstate, dumpstate)