Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 1c8464e1365950538e9e4647a4f220910f79ab1e^! / . / file_contexts
commit1c8464e1365950538e9e4647a4f220910f79ab1e[log] [tgz]
authorrpcraig <rpcraig@tycho.ncsc.mil>Tue Dec 04 08:13:58 2012 -0500
committerGerrit Code Review <noreply-gerritcodereview@google.com>Tue Mar 19 22:22:10 2013 +0000
tree7806d1eb31f213a5733e17a8533d0b913a531628
parentc57dbccb50ff804f2e002df8bd6db54b0477b877 [diff] [blame]
App data backup security policy.

Policy covers:

 * backup_data_file type for labeling all
   files/dirs under /data dealing with
   backup mechanism.

 * cache_backup_file type for labeling all
   files/dirs under /cache dealing with
   backup mechanism. This also covers the
   the use of LocalTransport for local archive
   and restore testing.

 * the use of 'adb shell bmgr' to initiate
   backup mechanism from shell.

 * the use of 'adb backup/restore' to archive
   and restore the device's data.

Change-Id: I700a92d8addb9bb91474bc07ca4bb71eb4fc840e
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>

diff --git a/file_contexts b/file_contexts
index 837ee1d..b2d253a 100644
--- a/file_contexts
+++ b/file_contexts

@@ -140,6 +140,8 @@
 # Data files
 #
 /data(/.*)?		u:object_r:system_data_file:s0
+/data/backup(/.*)?		u:object_r:backup_data_file:s0
+/data/secure/backup(/.*)?	u:object_r:backup_data_file:s0
 /data/drm(/.*)?		u:object_r:drm_data_file:s0
 /data/gps(/.*)?		u:object_r:gps_data_file:s0
 /data/dalvik-cache(/.*)? u:object_r:dalvikcache_data_file:s0
@@ -170,6 +172,10 @@
 # Cache files
 #
 /cache(/.*)?		u:object_r:cache_file:s0
+/cache/.*\.data	u:object_r:cache_backup_file:s0
+/cache/.*\.restore	u:object_r:cache_backup_file:s0
+# LocalTransport (backup) uses this directory
+/cache/backup(/.*)?	u:object_r:cache_backup_file:s0
 #############################
 # sysfs files
 #