From d8447fdfe1db8571158659bc2daf058335842a06 Mon Sep 17 00:00:00 2001
From: Andres Morales <anmorales@google.com>
Date: Wed, 9 Jul 2014 15:18:32 -0700
Subject: [PATCH] Typedef+rules for SysSer to access persistent block device

Defines new device type persistent_data_block_device

This block device will allow storage of data that
will live across factory resets.

Gives rw and search access to SystemServer.

Change-Id: I298eb40f9a04c16e90dcc1ad32d240ca84df3b1e
---
 device.te        | 3 +++
 system_server.te | 5 +++++
 2 files changed, 8 insertions(+)

diff --git a/device.te b/device.te
index e9b7e515a..42d15e3bb 100644
--- a/device.te
+++ b/device.te
@@ -64,3 +64,6 @@ type rpmsg_device, dev_type;
 
 # Partition layout block device
 type root_block_device, dev_type;
+
+# Persistent data block device
+type persistent_data_block_device, dev_type;
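Review bot: The comment on the new type does not say how a device node ends up with this label, and the diffstat shows no file_contexts change in this commit. If the label is meant to be assigned per device, the comment should say so, for example `# Persistent data block device; labeled in device-specific file_contexts`. Until such an entry exists, the node presumably keeps its generic block device label and the new system_server rule matches nothing. Saying that here would discourage working around it by widening access to the generic `block_device` type.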
diff --git a/system_server.te b/system_server.te
index db82029e1..a049e3525 100644
--- a/system_server.te
+++ b/system_server.te
@@ -380,6 +380,11 @@ allow system_server keystore:keystore_key {
 	clear_uid
 };
 
+# Allow system server to search and write to the persistent data block device
+# This block device does not get wiped in a factory reset.
+allow system_server persistent_data_block_device:blk_file rw_file_perms;
+allow system_server block_device:dir search;
+
 ###
 ### Neverallow rules
 ###
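Review bot: The added allow rule gives system_server read and write access to a partition that survives a factory reset, but the hunk adds nothing to the Neverallow section just below to stop other domains being granted the same access later. Because anything written there outlives a wipe, a guard such as `neverallow { domain -system_server } persistent_data_block_device:blk_file { read write };` would make the intended single-writer model enforceable at build time. The exclusion set may need other domains that legitimately touch the partition, so confirm it against the rest of the policy. The comment also understates the grant: it says "search and write", while `rw_file_perms` includes read, and the `search` permission is on the generic `block_device` directory rather than on the new type. The Neverallow section continues outside the hunk.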
-- 
GitLab