Merge "Allow update_engine to access /data/misc/update_engine_log"

commit: 07ff6107689f17c8e6188f5e49e3d2a441bef23e [log] [tgz]
author: Tianjie Xu <xunchang@google.com> Fri Nov 10 22:06:53 2017 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Fri Nov 10 22:06:53 2017 +0000
tree: e2eb4d35845006d8c328d26849df13ac557656bd
parent: 185941aaff0e0c0050c32fba38af7617fcdf56cf [diff]
parent: 6fe014f8cbf1524faf04ca8daf9fbbb4fcb2ed88 [diff]
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 1d8351d..fdc672a 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil

@@ -34,6 +34,7 @@
     thermalserviced_tmpfs
     timezone_service
     tombstoned_java_trace_socket
+    update_engine_log_data_file
     vendor_init
     vold_prepare_subdirs
     vold_prepare_subdirs_exec

diff --git a/private/file_contexts b/private/file_contexts
index ca0a696..05c36c3 100644
--- a/private/file_contexts
+++ b/private/file_contexts

@@ -387,6 +387,7 @@
 /data/misc/vold(/.*)?           u:object_r:vold_data_file:s0
 /data/misc/perfprofd(/.*)?      u:object_r:perfprofd_data_file:s0
 /data/misc/update_engine(/.*)?  u:object_r:update_engine_data_file:s0
+/data/misc/update_engine_log(/.*)?  u:object_r:update_engine_log_data_file:s0
 /data/system/heapdump(/.*)?     u:object_r:heapdump_data_file:s0
 /data/misc/trace(/.*)?          u:object_r:method_trace_data_file:s0
 # TODO(calin) label profile reference differently so that only

diff --git a/public/file.te b/public/file.te
index 0798bd1..5353a3d 100644
--- a/public/file.te
+++ b/public/file.te

@@ -240,6 +240,7 @@
 type perfprofd_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
 type tee_data_file, file_type, data_file_type;
 type update_engine_data_file, file_type, data_file_type, core_data_file_type;
+type update_engine_log_data_file, file_type, data_file_type, core_data_file_type;
 # /data/misc/trace for method traces on userdebug / eng builds
 type method_trace_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
 

diff --git a/public/update_engine.te b/public/update_engine.te
index 289d216..9f9b557 100644
--- a/public/update_engine.te
+++ b/public/update_engine.te

@@ -20,8 +20,12 @@
 dontaudit update_engine kernel:process setsched;
 
 # Allow using persistent storage in /data/misc/update_engine.
-allow update_engine update_engine_data_file:dir { create_dir_perms };
-allow update_engine update_engine_data_file:file { create_file_perms };
+allow update_engine update_engine_data_file:dir create_dir_perms;
+allow update_engine update_engine_data_file:file create_file_perms;
+
+# Allow using persistent storage in /data/misc/update_engine_log.
+allow update_engine update_engine_log_data_file:dir create_dir_perms;
+allow update_engine update_engine_log_data_file:file create_file_perms;
 
 # Don't allow kernel module loading, just silence the logs.
 dontaudit update_engine kernel:system module_request;
commit	07ff6107689f17c8e6188f5e49e3d2a441bef23e	[log] [tgz]
author	Tianjie Xu <xunchang@google.com>	Fri Nov 10 22:06:53 2017 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Fri Nov 10 22:06:53 2017 +0000
tree	e2eb4d35845006d8c328d26849df13ac557656bd
parent	185941aaff0e0c0050c32fba38af7617fcdf56cf [diff]
parent	6fe014f8cbf1524faf04ca8daf9fbbb4fcb2ed88 [diff]