[Thread] move ot-daemon socket to /dev/socket/ot-daemon On Android, unix sockets are located in /dev/socket/ and managed by init. This commit follows the convention for ot-daemon Bug: 320451788 Test: verified that ot-daemon can create socket /dev/socket/ot-daemon/thread-wpan.sock Change-Id: I6b0fe45602bb54d6d482f5be46ddb5402bea477b

commit: 0d6679a410e87a87ff457a026f1ca09b46e2a8da [log] [tgz]
author: Kangping Dong <wgtdkp@google.com> Tue Jan 16 22:19:28 2024 +0800
committer: Kangping Dong <wgtdkp@google.com> Tue Jan 23 00:00:01 2024 +0800
tree: c1d013313c26ef86fae2b7a4f626e5be6179425c
parent: 7a3d15416e4219e8af453a17ad8fe92d11e8bb59 [diff]
diff --git a/contexts/plat_file_contexts_test b/contexts/plat_file_contexts_test
index 64b2f2d..20df3b1 100644
--- a/contexts/plat_file_contexts_test
+++ b/contexts/plat_file_contexts_test

@@ -200,6 +200,9 @@
 /dev/socket/mdns                                                  mdns_socket
 /dev/socket/mdnsd                                                 mdnsd_socket
 /dev/socket/mtpd                                                  mtpd_socket
+/dev/socket/ot-daemon/                                            ot_daemon_socket
+/dev/socket/ot-daemon/thread-wpan                                 ot_daemon_socket
+/dev/socket/ot-daemon/100                                         ot_daemon_socket
 /dev/socket/pdx/system/buffer_hub                                 pdx_bufferhub_dir
 /dev/socket/pdx/system/buffer_hub/client                          pdx_bufferhub_client_endpoint_socket
 /dev/socket/pdx/system/performance                                pdx_performance_dir

diff --git a/private/compat/34.0/34.0.ignore.cil b/private/compat/34.0/34.0.ignore.cil
index 583b249..c236223 100644
--- a/private/compat/34.0/34.0.ignore.cil
+++ b/private/compat/34.0/34.0.ignore.cil

@@ -20,6 +20,7 @@
     hidraw_device
     virtual_camera_service
     ot_daemon_service
+    ot_daemon_socket
     pm_archiving_enabled_prop
     remote_auth_service
     security_state_service

diff --git a/private/file_contexts b/private/file_contexts
index 7fbc580..e58b433 100644
--- a/private/file_contexts
+++ b/private/file_contexts

@@ -167,6 +167,7 @@
 /dev/socket/mdns	u:object_r:mdns_socket:s0
 /dev/socket/mdnsd	u:object_r:mdnsd_socket:s0
 /dev/socket/mtpd	u:object_r:mtpd_socket:s0
+/dev/socket/ot-daemon(/.*)?  u:object_r:ot_daemon_socket:s0
 /dev/socket/pdx/system/buffer_hub	u:object_r:pdx_bufferhub_dir:s0
 /dev/socket/pdx/system/buffer_hub/client	u:object_r:pdx_bufferhub_client_endpoint_socket:s0
 /dev/socket/pdx/system/performance	u:object_r:pdx_performance_dir:s0

diff --git a/private/ot_daemon.te b/private/ot_daemon.te
index 495947f..341fa9c 100644
--- a/private/ot_daemon.te
+++ b/private/ot_daemon.te

@@ -19,7 +19,6 @@
 # /data/misc/apexdata/com\.android\.tethering
 allow ot_daemon apex_tethering_data_file:dir {create rw_dir_perms};
 allow ot_daemon apex_tethering_data_file:file create_file_perms;
-allow ot_daemon apex_tethering_data_file:sock_file {create unlink};
 
 # Allow OT daemon to read/write the Thread tunnel interface
 allow ot_daemon tun_device:chr_file {read write};

diff --git a/public/file.te b/public/file.te
index 01143f7..2a84dd0 100644
--- a/public/file.te
+++ b/public/file.te

@@ -539,6 +539,7 @@
 type mdnsd_socket, file_type, coredomain_socket, mlstrustedobject;
 type misc_logd_file, coredomain_socket, file_type, data_file_type, core_data_file_type;
 type mtpd_socket, file_type, coredomain_socket;
+type ot_daemon_socket, file_type, coredomain_socket;
 type property_socket, file_type, coredomain_socket, mlstrustedobject;
 type racoon_socket, file_type, coredomain_socket;
 type recovery_socket, file_type, coredomain_socket;
commit	0d6679a410e87a87ff457a026f1ca09b46e2a8da	[log] [tgz]
author	Kangping Dong <wgtdkp@google.com>	Tue Jan 16 22:19:28 2024 +0800
committer	Kangping Dong <wgtdkp@google.com>	Tue Jan 23 00:00:01 2024 +0800
tree	c1d013313c26ef86fae2b7a4f626e5be6179425c
parent	7a3d15416e4219e8af453a17ad8fe92d11e8bb59 [diff]