SELinux policies for /data/preloads directory

am: 49ac2a3d * commit '49ac2a3d': SELinux policies for /data/preloads directory Change-Id: Ib928cda316ef31f361ad09ef29b264eb9df754d5

SELinux policies for /data/preloads directory
72f0fbb2 · Fyodor Kupolov · android-build-merger · ef502625 · 49ac2a3d · 72f0fbb2
Commit 72f0fbb2 authored 8 years ago by Fyodor Kupolov Committed by android-build-merger 8 years ago
--- a/file.te
+++ b/file.te
@@ -107,6 +107,8 @@ type heapdump_data_file, file_type, data_file_type, mlstrustedobject;
 type nativetest_data_file, file_type, data_file_type;
 # /data/system_de/0/ringtones
 type ringtone_file, file_type, data_file_type, mlstrustedobject;
+# /data/preloads
+type preloads_data_file, file_type, data_file_type;
 # Mount locations managed by vold
 type mnt_media_rw_file, file_type;

--- a/file_contexts
+++ b/file_contexts
@@ -253,6 +253,7 @@
 /data/mediadrm(/.*)?	u:object_r:media_data_file:s0
 /data/nativetest(/.*)?	u:object_r:nativetest_data_file:s0
 /data/property(/.*)?	u:object_r:property_data_file:s0
+/data/preloads(/.*)?	u:object_r:preloads_data_file:s0
 # Misc data
 /data/misc/adb(/.*)?            u:object_r:adb_keys_file:s0

--- a/platform_app.te
+++ b/platform_app.te
@@ -51,3 +51,7 @@ allow platform_app surfaceflinger_service:service_manager find;
 allow platform_app app_api_service:service_manager find;
 allow platform_app system_api_service:service_manager find;
 allow platform_app vr_manager_service:service_manager find;
+# Access to /data/preloads
+allow platform_app preloads_data_file:file r_file_perms;
+allow platform_app preloads_data_file:dir r_dir_perms;
--- a/priv_app.te
+++ b/priv_app.te
@@ -92,6 +92,10 @@ allow priv_app update_engine_service:service_manager find;
 # Allow Phone to read/write cached ringtones (opened by system).
 allow priv_app ringtone_file:file { getattr read write };
+# Access to /data/preloads
+allow priv_app preloads_data_file:file r_file_perms;
+allow priv_app preloads_data_file:dir r_dir_perms;
 ###
 ### neverallow rules
 ###

--- a/system_server.te
+++ b/system_server.te
@@ -522,6 +522,10 @@ allow system_server postinstall:fifo_file write;
 allow system_server update_engine:fd use;
 allow system_server update_engine:fifo_file write;
+# Access to /data/preloads
+allow system_server preloads_data_file:file { r_file_perms unlink };
+allow system_server preloads_data_file:dir { r_dir_perms write remove_name };
 ###
 ### Neverallow rules
 ###