Sepolicy setup for /data/misc/connectivityblobdb/ Create a new folder for connectivity blobs, to be used by ConnectivityBlobStore for VPN and WIFI to replace legacy keystore. System server will need permissions to manage databases in the folder and system server will create the folder in init.rc. Bug: 307903113 Test: checkfc -t private/file_contexts contexts/plat_file_contexts_test Test: build and manual test. Change-Id: Ib51632af9624d8c3ebf2f752547e162a3fbbb1b0

commit: 0e638112f2283078e22e0fd8de1dbe4e51429e95 [log] [tgz]
author: Hansen Kurli <hkurli@google.com> Thu Dec 14 16:30:26 2023 +0800
committer: Gabriel Biren <gbiren@google.com> Tue Mar 05 19:52:20 2024 +0000
tree: 397e1200f100f78ce88a1fd6f4706566224c6328
parent: edfb82499eb6edfecf161ad62bc09ee82ea0d4b3 [diff] [blame]
diff --git a/private/system_server.te b/private/system_server.te
index 886499e..c265084 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -608,6 +608,11 @@
 allow system_server appcompat_data_file:dir rw_dir_perms;
 allow system_server appcompat_data_file:file create_file_perms;
 
+# Manage /data/misc/connectivityblobdb.
+# Specifically, for vpn and wifi to create, read and write to an sqlite database.
+allow system_server connectivityblob_data_file:dir create_dir_perms;
+allow system_server connectivityblob_data_file:file create_file_perms;
+
 # Manage /data/misc/emergencynumberdb
 allow system_server emergency_data_file:dir create_dir_perms;
 allow system_server emergency_data_file:file create_file_perms;
commit	0e638112f2283078e22e0fd8de1dbe4e51429e95	[log] [tgz]
author	Hansen Kurli <hkurli@google.com>	Thu Dec 14 16:30:26 2023 +0800
committer	Gabriel Biren <gbiren@google.com>	Tue Mar 05 19:52:20 2024 +0000
tree	397e1200f100f78ce88a1fd6f4706566224c6328
parent	edfb82499eb6edfecf161ad62bc09ee82ea0d4b3 [diff] [blame]