Allow apexd to relabel files in /data/apex/decompressed We have created a new directory called /data/apex/decompressed. All files under this directory will have staging_data_file label, but the directory itself needs to have apex_data_file label. This is because apexd needs to write inside this directory and we don't want to give apexd write access to staging_data_file label. When a file is written under this directory, it gets its parent's label. So we need to restore the proper labeling. Hence, we are allowing apexd labeling permissions. Bug: 172911820 Test: atest ApexCompressionTests#testCompressedApexIsActivated Change-Id: I0a910fa5591b2aace70804701545eb4ac510ec24

commit: 12b7ccd8f78df8cbd2e35218f39a716634051938 [log] [tgz]
author: Mohammad Samiul Islam <samiul@google.com> Fri Jan 22 21:04:10 2021 +0000
committer: Mohammad Islam <samiul@google.com> Mon Feb 01 13:39:44 2021 +0000
tree: 9902a408d1572cdc9a4bf79e7e4fcae98b38bdbc
parent: bbb67dbbca1f4f5b1782778a22d478e9ed75efaa [diff] [blame]
diff --git a/private/file_contexts b/private/file_contexts
index 7aeba99..2a76712 100644
--- a/private/file_contexts
+++ b/private/file_contexts

@@ -518,6 +518,7 @@
 /data/apex(/.*)?		u:object_r:apex_data_file:s0
 /data/apex/active/(.*)?		u:object_r:staging_data_file:s0
 /data/apex/backup/(.*)?		u:object_r:staging_data_file:s0
+/data/apex/decompressed/(.*)?    u:object_r:staging_data_file:s0
 /data/app(/.*)?                       u:object_r:apk_data_file:s0
 # Traditional /data/app/[packageName]-[randomString]/base.apk location
 /data/app/[^/]+/oat(/.*)?                u:object_r:dalvikcache_data_file:s0
commit	12b7ccd8f78df8cbd2e35218f39a716634051938	[log] [tgz]
author	Mohammad Samiul Islam <samiul@google.com>	Fri Jan 22 21:04:10 2021 +0000
committer	Mohammad Islam <samiul@google.com>	Mon Feb 01 13:39:44 2021 +0000
tree	9902a408d1572cdc9a4bf79e7e4fcae98b38bdbc
parent	bbb67dbbca1f4f5b1782778a22d478e9ed75efaa [diff] [blame]