commit 09bb944221a1e3adeed14eb110895fca2f9b347d
author David Anderson <dvander@google.com> Fri Nov 13 00:45:59 2020 -0800
committer David Anderson <dvander@google.com> Thu Nov 19 21:03:30 2020 +0000
tree 95baab6523c956c31e448067f7535bfeb392010b
parent 5d6020d9f5a60e92a8ec7109344145f3d4ab533d

Add sepolicy for starting the snapuserd daemon through init.

Restrict access to controlling snapuserd via ctl properties. Allow
update_engine to control snapuserd, and connect/write to its socket.

update_engine needs this access so it can create the appropriate dm-user
device (which sends queries to snapuserd), which is then used to build
the update snapshot.

This also fixes a bug where /dev/dm-user was not properly labelled. As a
result, snapuserd and update_engine have been granted r_dir_perms to
dm_user_device.

Bug: 168554689
Test: full ota with VABC enabled
Change-Id: I1f65ba9f16a83fe3e8ed41a594421939a256aec0

private/update_engine.te

diff --git a/private/update_engine.te b/private/update_engine.te
index a33e675..8e09154 100644
--- a/private/update_engine.te
+++ b/private/update_engine.te
@@ -9,6 +9,9 @@
 # Allow to start gsid service.
 set_prop(update_engine, ctl_gsid_prop)
 
+# Allow to start snapuserd for dm-user communication.
+set_prop(update_engine, ctl_snapuserd_prop)
+
 # Allow to set the OTA related properties, e.g. ota.warm_reset.
 set_prop(update_engine, ota_prop)
 
@@ -17,3 +20,7 @@
 
 # Allow update_engine to call the callback function provided by GKI update hook.
 binder_call(update_engine, gki_apex_prepostinstall)
+
+# Allow to communicate with the snapuserd service, for dm-user snapshots.
+allow update_engine snapuserd:unix_stream_socket connectto;
+allow update_engine snapuserd_socket:sock_file write;