Allow update_engine to access /data/misc/update_engine_log

Add label update_engine_log_data_file for log files created by update engine in directory /data/misc/update_engine_log. Bug: 65568605 Test: manual Change-Id: I379db82a0ea540e41cb3b8e03f93d9ce64fac7c9

Allow update_engine to access /data/misc/update_engine_log
6fe014f8 · Hakan Kvist · Tianjie Xu · aa93dad6 · 6fe014f8 · 6fe014f8
Commit 6fe014f8 authored 7 years ago by Hakan Kvist Committed by Tianjie Xu 7 years ago
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -34,6 +34,7 @@
    thermalserviced_tmpfs
    timezone_service
    tombstoned_java_trace_socket
+    update_engine_log_data_file
    vendor_init
    vold_prepare_subdirs
    vold_prepare_subdirs_exec

--- a/private/file_contexts
+++ b/private/file_contexts
@@ -387,6 +387,7 @@
 /data/misc/vold(/.*)?           u:object_r:vold_data_file:s0
 /data/misc/perfprofd(/.*)?      u:object_r:perfprofd_data_file:s0
 /data/misc/update_engine(/.*)?  u:object_r:update_engine_data_file:s0
+/data/misc/update_engine_log(/.*)?  u:object_r:update_engine_log_data_file:s0
 /data/system/heapdump(/.*)?     u:object_r:heapdump_data_file:s0
 /data/misc/trace(/.*)?          u:object_r:method_trace_data_file:s0
 # TODO(calin) label profile reference differently so that only

--- a/public/file.te
+++ b/public/file.te
@@ -240,6 +240,7 @@ type vold_data_file, file_type, data_file_type, core_data_file_type;
 type perfprofd_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
 type tee_data_file, file_type, data_file_type;
 type update_engine_data_file, file_type, data_file_type, core_data_file_type;
+type update_engine_log_data_file, file_type, data_file_type, core_data_file_type;
 # /data/misc/trace for method traces on userdebug / eng builds
 type method_trace_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;


--- a/public/update_engine.te
+++ b/public/update_engine.te
@@ -20,8 +20,12 @@ wakelock_use(update_engine);
 dontaudit update_engine kernel:process setsched;

 # Allow using persistent storage in /data/misc/update_engine.
-allow update_engine update_engine_data_file:dir { create_dir_perms };
-allow update_engine update_engine_data_file:file { create_file_perms };
+allow update_engine update_engine_data_file:dir create_dir_perms;
+allow update_engine update_engine_data_file:file create_file_perms;
+
+# Allow using persistent storage in /data/misc/update_engine_log.
+allow update_engine update_engine_log_data_file:dir create_dir_perms;
+allow update_engine update_engine_log_data_file:file create_file_perms;

 # Don't allow kernel module loading, just silence the logs.
 dontaudit update_engine kernel:system module_request;