Add initial sepolicy for app data snapshots. Define a rollback_data_file label and apply it to the snapshots directory. This change contains just enough detail to allow vold_prepare_subdirs to prepare these directories correctly. A follow up change will flesh out the access policy on these directories in more detail. Test: make, manual Bug: 112431924 Change-Id: I4fa7187d9558697016af4918df6e34aac1957176

commit: 2ad229c7886b7cc4534eadbad4ef47d07bc6f69a [log] [tgz]
author: Narayan Kamath <narayan@google.com> Mon Jan 14 15:02:12 2019 +0000
committer: Narayan Kamath <narayan@google.com> Wed Jan 16 15:22:51 2019 +0000
tree: c69b7cdf4ec21abd982c25ede8368ebc0bca97c6
parent: 6d53efcf468e13be3fa08ec5055a6f7e2e934a42 [diff] [blame]
diff --git a/private/file_contexts b/private/file_contexts
index 0605ee4..11f8f6e 100644
--- a/private/file_contexts
+++ b/private/file_contexts

@@ -514,6 +514,10 @@
 # Bootchart data
 /data/bootchart(/.*)?		u:object_r:bootchart_data_file:s0
 
+# App data snapshots (managed by installd).
+/data/misc_de/[0-9]+/rollback(/.*)?       u:object_r:rollback_data_file:s0
+/data/misc_ce/[0-9]+/rollback(/.*)?       u:object_r:rollback_data_file:s0
+
 #############################
 # Expanded data files
 #
commit	2ad229c7886b7cc4534eadbad4ef47d07bc6f69a	[log] [tgz]
author	Narayan Kamath <narayan@google.com>	Mon Jan 14 15:02:12 2019 +0000
committer	Narayan Kamath <narayan@google.com>	Wed Jan 16 15:22:51 2019 +0000
tree	c69b7cdf4ec21abd982c25ede8368ebc0bca97c6
parent	6d53efcf468e13be3fa08ec5055a6f7e2e934a42 [diff] [blame]