From baf49bd541a9df4f38bf917fbfc850569a4cae94 Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Mon, 12 May 2014 11:18:21 -0400
Subject: [PATCH] Label /data/.layout_version with its own type.

installd creates /data/.layout_version.  Introduce a separate type
for this file (and any other file created by installd under a directory
labeled system_data_file) so that we can allow create/write access by
installd without allowing it to any system data files created by other
processes.  This prevents installd from overwriting other system data
files, and ensures that any files it creates will require explicit
rules before any domain can access them.

Change-Id: Id04e49cd571390d18792949c8b2b13b1ac59c016
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 file.te       | 3 +++
 file_contexts | 1 +
 installd.te   | 7 ++++---
 3 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/file.te b/file.te
index 4f75d379d..ac4220fd4 100644
--- a/file.te
+++ b/file.te
@@ -41,6 +41,9 @@ type unlabeled, file_type;
 type system_file, file_type;
 # Default type for anything under /data.
 type system_data_file, file_type, data_file_type;
+# /data/.layout_version or other installd-created files that
+# are created in a system_data_file directory.
+type install_data_file, file_type, data_file_type;
 # /data/drm - DRM plugin data
 type drm_data_file, file_type, data_file_type;
 # /data/anr - ANR traces
diff --git a/file_contexts b/file_contexts
index ce2639059..0926d745f 100644
--- a/file_contexts
+++ b/file_contexts
@@ -164,6 +164,7 @@
 # Data files
 #
 /data(/.*)?		u:object_r:system_data_file:s0
+/data/.layout_version		u:object_r:install_data_file:s0
 /data/backup(/.*)?		u:object_r:backup_data_file:s0
 /data/secure/backup(/.*)?	u:object_r:backup_data_file:s0
 /data/security(/.*)?	u:object_r:security_file:s0
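Review bot: The added file_contexts entry matches only the exact path `/data/.layout_version`, while the comment the commit keeps in installd.te refers to `/data/.layout_version.*`; if installd ever writes a suffixed variant, the type_transition labels it install_data_file at creation, but a restorecon of /data would relabel it back to system_data_file, after which installd could no longer write it. If suffixed names are real, widen the pattern, e.g. `/data/\.layout_version(\..*)?	u:object_r:install_data_file:s0`; escaping the dot also stops the unescaped `.` from matching any character. If only the exact name is ever created, the installd.te comment should be corrected instead so the two files agree.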
diff --git a/installd.te b/installd.te
index 8f332b248..cabebc6aa 100644
--- a/installd.te
+++ b/installd.te
@@ -31,7 +31,8 @@ allow installd system_data_file:dir relabelfrom;
 allow installd media_rw_data_file:dir relabelto;
 
 # Create /data/.layout_version.* file
-allow installd system_data_file:file create_file_perms;
+type_transition installd system_data_file:file install_data_file;
+allow installd install_data_file:file create_file_perms;
 
 # Create files under /data/dalvik-cache.
 allow installd dalvikcache_data_file:dir create_dir_perms;
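Review bot: The comment above the new type_transition still reads `# Create /data/.layout_version.* file`, but the transition applies to every file installd creates in any system_data_file-labeled directory, which is the broader intent stated in the commit message and is worth saying at the rule itself. Suggest `# Label files installd creates in system_data_file dirs (e.g. /data/.layout_version) as install_data_file; other domains need explicit rules to touch them.` Note that the transition grants nothing on the directory side: write and add_name on system_data_file:dir must come from a rule outside this hunk (the later comment says an earlier rule covers directory access), so confirm that rule still exists once `create_file_perms` on system_data_file:file is gone.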
@@ -49,9 +50,9 @@ allow installd unlabeled:dir { getattr search relabelfrom };
 allow installd unlabeled:notdevfile_class_set { getattr relabelfrom };
 
 # Upgrade from before system_app_data_file was used for system UID apps.
-# Just need enough to relabel it.
+# Just need enough to relabel it and to unlink removed package files.
 # Directory access covered by earlier rule above.
-allow installd system_data_file:notdevfile_class_set { getattr relabelfrom };
+allow installd system_data_file:notdevfile_class_set { getattr relabelfrom unlink };
 
 # Manage /data/data subdirectories, including initially labeling them
 # upon creation via setfilecon or running restorecon_recursive,
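Review bot: The `unlink` added to the notdevfile_class_set rule is broader than the permission it replaces: the removed `create_file_perms` on system_data_file covered the file class only, whereas notdevfile_class_set (as defined in Android's global_macros, if I recall correctly) also spans lnk_file, sock_file and fifo_file, so installd can now delete any of those anywhere under /data that still carries the default label. If only regular files in legacy app data directories are removed on uninstall, narrow it to `allow installd system_data_file:file unlink;` next to the existing `{ getattr relabelfrom }` rule. This grant is not mentioned in the commit message, which describes only the new install_data_file type, so a sentence there on why unlink is needed for the upgrade path would help. Unlink also requires remove_name on the parent system_data_file directory; the comment says an earlier rule covers that, but it is outside this hunk.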
-- 
GitLab