From 6fe014f8cbf1524faf04ca8daf9fbbb4fcb2ed88 Mon Sep 17 00:00:00 2001
From: Hakan Kvist <hakan.kvist@sony.com>
Date: Mon, 6 Nov 2017 12:56:00 +0100
Subject: [PATCH] Allow update_engine to access /data/misc/update_engine_log

Add label update_engine_log_data_file for log files created by
update engine in directory /data/misc/update_engine_log.

Bug: 65568605
Test: manual
Change-Id: I379db82a0ea540e41cb3b8e03f93d9ce64fac7c9
---
 private/compat/26.0/26.0.ignore.cil | 1 +
 private/file_contexts               | 1 +
 public/file.te                      | 1 +
 public/update_engine.te             | 8 ++++++--
 4 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 1d8351d99..fdc672abc 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -34,6 +34,7 @@
     thermalserviced_tmpfs
     timezone_service
     tombstoned_java_trace_socket
+    update_engine_log_data_file
     vendor_init
     vold_prepare_subdirs
     vold_prepare_subdirs_exec
diff --git a/private/file_contexts b/private/file_contexts
index ca0a69685..05c36c3d1 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -387,6 +387,7 @@
 /data/misc/vold(/.*)?           u:object_r:vold_data_file:s0
 /data/misc/perfprofd(/.*)?      u:object_r:perfprofd_data_file:s0
 /data/misc/update_engine(/.*)?  u:object_r:update_engine_data_file:s0
+/data/misc/update_engine_log(/.*)?  u:object_r:update_engine_log_data_file:s0
 /data/system/heapdump(/.*)?     u:object_r:heapdump_data_file:s0
 /data/misc/trace(/.*)?          u:object_r:method_trace_data_file:s0
 # TODO(calin) label profile reference differently so that only
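Review bot: The new `/data/misc/update_engine_log(/.*)?` entry only takes effect once the directory is created or relabelled under the new policy, and nothing in this patch shows where that happens. If the directory can already exist on an upgraded device under a different label, update_engine would presumably hit denials, because the rules added in public/update_engine.te cover only `update_engine_log_data_file`. Since the commit lists only `Test: manual`, it is worth confirming the label with `ls -Zd /data/misc/update_engine_log` after an upgrade as well as on a fresh install. As a style point, the label column of the added line is not aligned with the neighbouring entries.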
diff --git a/public/file.te b/public/file.te
index 0798bd1cd..5353a3dec 100644
--- a/public/file.te
+++ b/public/file.te
@@ -240,6 +240,7 @@ type vold_data_file, file_type, data_file_type, core_data_file_type;
 type perfprofd_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
 type tee_data_file, file_type, data_file_type;
 type update_engine_data_file, file_type, data_file_type, core_data_file_type;
+type update_engine_log_data_file, file_type, data_file_type, core_data_file_type;
 # /data/misc/trace for method traces on userdebug / eng builds
 type method_trace_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
 
diff --git a/public/update_engine.te b/public/update_engine.te
index 289d21680..9f9b557a2 100644
--- a/public/update_engine.te
+++ b/public/update_engine.te
@@ -20,8 +20,12 @@ wakelock_use(update_engine);
 dontaudit update_engine kernel:process setsched;
 
 # Allow using persistent storage in /data/misc/update_engine.
-allow update_engine update_engine_data_file:dir { create_dir_perms };
-allow update_engine update_engine_data_file:file { create_file_perms };
+allow update_engine update_engine_data_file:dir create_dir_perms;
+allow update_engine update_engine_data_file:file create_file_perms;
+
+# Allow using persistent storage in /data/misc/update_engine_log.
+allow update_engine update_engine_log_data_file:dir create_dir_perms;
+allow update_engine update_engine_log_data_file:file create_file_perms;
 
 # Don't allow kernel module loading, just silence the logs.
 dontaudit update_engine kernel:system module_request;
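Review bot: `create_dir_perms` on `update_engine_log_data_file:dir` looks broader than a log directory needs, since it lets update_engine create and remove subdirectories rather than only add and rotate files. If /data/misc/update_engine_log is created by init (not visible in this patch), `allow update_engine update_engine_log_data_file:dir rw_dir_perms;` should be enough. The patch also grants no other domain read access to the new type, so if these logs are meant to appear in bug reports, the collecting domain will need a separate rule, and it should be read-only. The brace removal on the two `update_engine_data_file` rules is an unrelated cleanup that would be easier to review as its own change.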
-- 
GitLab