Add sepolicy for /metadata/tradeinmode.
This defines a new type, tradeinmode_metadata_file, which is applied to
/metadata/tradeinmode. This directory contains an indicator, written by
system_server, that a factory reset must be initiated. The indicator is
read by first-stage init.
A neverallow rule is included since we don't want random processes reading or writing to this directory.
Bug: 307713521
Test: adb shell tradeinmode enter
Change-Id: Icc3c815a77bbadc1d4b32b88226e55a5595f5388
diff --git a/private/file.te b/private/file.te
index 662d5cc..60aa5d5 100644
--- a/private/file.te
+++ b/private/file.te
@@ -218,6 +218,8 @@
# /data/misc_ce/userId/storage_area_keys
type storage_area_key_file, file_type, data_file_type, core_data_file_type;
+# /metadata/tradeinmode files
+type tradeinmode_metadata_file, file_type;
# Types added in 202504 in public/file.te
until_board_api(202504, `
diff --git a/private/file_contexts b/private/file_contexts
index f837b70..f605e66 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -889,6 +889,7 @@
/metadata/aconfig(/.*)? u:object_r:aconfig_storage_metadata_file:s0
/metadata/aconfig/flags(/.*)? u:object_r:aconfig_storage_flags_metadata_file:s0
/metadata/aconfig_test_missions(/.*)? u:object_r:aconfig_test_mission_files:s0
+/metadata/tradeinmode(/.*)? u:object_r:tradeinmode_metadata_file:s0
############################
# mount point for ota metadata
diff --git a/private/system_server.te b/private/system_server.te
index 6a13816..f39668e 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -1504,6 +1504,10 @@
allow system_server password_slot_metadata_file:dir rw_dir_perms;
allow system_server password_slot_metadata_file:file create_file_perms;
+# Allow TradeInMode service rw access to /metadata/tradeinmode.
+allow system_server tradeinmode_metadata_file:dir rw_dir_perms;
+allow system_server tradeinmode_metadata_file:file create_file_perms;
+
allow system_server userspace_reboot_metadata_file:dir create_dir_perms;
allow system_server userspace_reboot_metadata_file:file create_file_perms;
@@ -1679,6 +1683,9 @@
neverallow { domain -init -system_server } crashrecovery_prop:property_service set;
neverallow { domain -init -dumpstate -system_server } crashrecovery_prop:file no_rw_file_perms;
+# Do not allow anything other than system_server and init to touch /metadata/tradeinmode.
+neverallow { domain -init -system_server } tradeinmode_metadata_file:file no_rw_file_perms;
+
neverallow {
domain
-init
diff --git a/private/vendor_init.te b/private/vendor_init.te
index 84ec60e..0a2d62c 100644
--- a/private/vendor_init.te
+++ b/private/vendor_init.te
@@ -115,6 +115,7 @@
-userspace_reboot_metadata_file
-aconfig_storage_metadata_file
-aconfig_storage_flags_metadata_file
+ -tradeinmode_metadata_file
enforce_debugfs_restriction(`-debugfs_type')
}:file { create getattr open read write setattr relabelfrom unlink map };