From ff3b957e6373f06d038599ae5afc0ad9b4337bce Mon Sep 17 00:00:00 2001
From: Ricky Wai <rickywai@google.com>
Date: Thu, 14 Dec 2017 09:56:32 +0000
Subject: [PATCH] Add Network Watchlist data file selinux policy(Used in
 ConfigUpdater)

Bug: 63908748
Test: Able to boot
Change-Id: I14d8856d7aac7be9d1f26ecf5bfff69ea5ee9607
---
 private/compat/26.0/26.0.ignore.cil | 1 +
 private/file_contexts               | 1 +
 private/system_server.te            | 4 ++++
 public/file.te                      | 1 +
 public/vendor_init.te               | 5 +++++
 5 files changed, 12 insertions(+)

diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index e359935de..50d4ee7be 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -25,6 +25,7 @@
     lowpan_service
     mediaprovider_tmpfs
     netd_stable_secret_prop
+    network_watchlist_data_file
     network_watchlist_service
     package_native_service
     perfprofd_service
diff --git a/private/file_contexts b/private/file_contexts
index 7d1457ae7..992bdc349 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -384,6 +384,7 @@
 /data/misc/logd(/.*)?           u:object_r:misc_logd_file:s0
 /data/misc/media(/.*)?          u:object_r:media_data_file:s0
 /data/misc/net(/.*)?            u:object_r:net_data_file:s0
+/data/misc/network_watchlist(/.*)? u:object_r:network_watchlist_data_file:s0
 /data/misc/recovery(/.*)?       u:object_r:recovery_data_file:s0
 /data/misc/shared_relro(/.*)?   u:object_r:shared_relro_file:s0
 /data/misc/sms(/.*)?            u:object_r:radio_data_file:s0
diff --git a/private/system_server.te b/private/system_server.te
index 6fb6142bf..eff8e8f31 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -381,6 +381,10 @@ allow system_server heapdump_data_file:file create_file_perms;
 allow system_server adb_keys_file:dir create_dir_perms;
 allow system_server adb_keys_file:file create_file_perms;
 
+# Manage /data/misc/network_watchlist
+allow system_server network_watchlist_data_file:dir create_dir_perms;
+allow system_server network_watchlist_data_file:file create_file_perms;
+
 # Manage /data/misc/sms.
 # TODO:  Split into a separate type?
 allow system_server radio_data_file:dir create_dir_perms;
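Review bot: `create_dir_perms` on `network_watchlist_data_file:dir` is broader than system_server needs if the directory itself is created elsewhere. Nothing in this patch shows who creates `/data/misc/network_watchlist`, and there is no `type_transition` for it, so presumably init creates and labels it from an rc file; that should be confirmed against the companion change. If so, `allow system_server network_watchlist_data_file:dir rw_dir_perms;` still lets system_server add and remove files in the directory but not remove or recreate the directory. Because this file holds watchlist configuration, it may also be worth pinning the set of writers with a neverallow such as `neverallow { domain -system_server -init } network_watchlist_data_file:file no_w_file_perms;`, after checking which domains legitimately need write access.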
diff --git a/public/file.te b/public/file.te
index 81bb1f1e1..e3ffa34e5 100644
--- a/public/file.te
+++ b/public/file.te
@@ -234,6 +234,7 @@ type media_data_file, file_type, data_file_type, core_data_file_type;
 type media_rw_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
 type misc_user_data_file, file_type, data_file_type, core_data_file_type;
 type net_data_file, file_type, data_file_type, core_data_file_type;
+type network_watchlist_data_file, file_type, data_file_type, core_data_file_type;
 type nfc_data_file, file_type, data_file_type, core_data_file_type;
 type radio_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
 type recovery_data_file, file_type, data_file_type, core_data_file_type;
diff --git a/public/vendor_init.te b/public/vendor_init.te
index ace58abe7..9aaa53846 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -40,6 +40,7 @@ allow vendor_init {
   -incident_data_file
   -keystore_data_file
   -misc_logd_file
+  -network_watchlist_data_file
   -nfc_data_file
   -property_data_file
   -radio_data_file
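Review bot: The `-network_watchlist_data_file` exclusion has to be repeated by hand in five separate `allow vendor_init { ... }` rules (this hunk and the ones at new lines 63, 87, 110 and 133). A future sensitive type added to only some of these lists would silently stay accessible to vendor_init for the permissions in the missed rules. Consider collecting the excluded types under a single attribute and subtracting that attribute in each rule, or at least adding a comment above the first list such as `# Keep the exclusion lists in all vendor_init allow rules below in sync.` The allow rules start and end outside the hunks, so the classes and permissions each one covers are not visible here.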
@@ -62,6 +63,7 @@ allow vendor_init {
   -incident_data_file
   -keystore_data_file
   -misc_logd_file
+  -network_watchlist_data_file
   -nfc_data_file
   -property_data_file
   -radio_data_file
@@ -85,6 +87,7 @@ allow vendor_init {
   -incident_data_file
   -keystore_data_file
   -misc_logd_file
+  -network_watchlist_data_file
   -nfc_data_file
   -property_data_file
   -radio_data_file
@@ -107,6 +110,7 @@ allow vendor_init {
   -incident_data_file
   -keystore_data_file
   -misc_logd_file
+  -network_watchlist_data_file
   -nfc_data_file
   -property_data_file
   -radio_data_file
@@ -129,6 +133,7 @@ allow vendor_init {
   -incident_data_file
   -keystore_data_file
   -misc_logd_file
+  -network_watchlist_data_file
   -nfc_data_file
   -property_data_file
   -radio_data_file
-- 
GitLab