From ee5ddb213ea5aabe1a67cefaf09263b5189bc7d1 Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Wed, 19 Mar 2014 15:16:08 -0400
Subject: [PATCH] Allow installd to restorecon /data/data.

Ability to relabel from/to any of the types that can be assigned
to /data/data directories as per seapp_contexts type= assignments.

Change-Id: I05e8b438950ddb908e46c9168ea6ee601e6d674f
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 installd.te | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/installd.te b/installd.te
index 92bfe2f3d..abf0b16ee 100644
--- a/installd.te
+++ b/installd.te
@@ -28,3 +28,18 @@ allow installd bluetooth_data_file:lnk_file { create setattr };
 allow installd nfc_data_file:lnk_file { create setattr };
 allow installd radio_data_file:lnk_file { create setattr };
 allow installd shell_data_file:lnk_file { create setattr };
+# restorecon /data/data
+allow installd unlabeled:dir relabelfrom;
+allow installd unlabeled:notdevfile_class_set relabelfrom;
+allow installd system_data_file:dir { relabelfrom relabelto };
+allow installd system_data_file:notdevfile_class_set { relabelfrom relabelto };
+allow installd bluetooth_data_file:dir { relabelfrom relabelto };
+allow installd bluetooth_data_file:notdevfile_class_set { relabelfrom relabelto };
+allow installd nfc_data_file:dir { relabelfrom relabelto };
+allow installd nfc_data_file:notdevfile_class_set { relabelfrom relabelto };
+allow installd radio_data_file:dir { relabelfrom relabelto };
+allow installd radio_data_file:notdevfile_class_set { relabelfrom relabelto };
+allow installd app_data_file:dir { relabelfrom relabelto };
+allow installd app_data_file:notdevfile_class_set { relabelfrom relabelto };
+allow installd shell_data_file:dir { relabelfrom relabelto };
+allow installd shell_data_file:notdevfile_class_set { relabelfrom relabelto };
-- 
GitLab