Allow dumpstate to read /data/system/shutdown-checkpoints/
Bug: 260366497
Bug: 264600011
Test: Take bugreport and check dmesg for avc error
Test: Reboot and check shutdown-checkpoints
Change-Id: Ifcc7de30ee64e18f78af147cd3da39d7c6dc6f5f
diff --git a/private/compat/33.0/33.0.ignore.cil b/private/compat/33.0/33.0.ignore.cil
index 238cb96..aeb6dd3 100644
--- a/private/compat/33.0/33.0.ignore.cil
+++ b/private/compat/33.0/33.0.ignore.cil
@@ -48,6 +48,7 @@
remote_provisioning_service
rkpdapp
servicemanager_prop
+ shutdown_checkpoints_system_data_file
stats_config_data_file
system_net_netd_service
timezone_metadata_prop
diff --git a/private/file_contexts b/private/file_contexts
index 6166065..ca7e97a 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -781,6 +781,9 @@
# User icon files
/data/system/users/[0-9]+/photo\.png u:object_r:icon_file:s0
+# Shutdown-checkpoints files
+/data/system/shutdown-checkpoints(/.*)? u:object_r:shutdown_checkpoints_system_data_file:s0
+
# vold per-user data
/data/misc_de/[0-9]+/vold(/.*)? u:object_r:vold_data_file:s0
/data/misc_ce/[0-9]+/vold(/.*)? u:object_r:vold_data_file:s0
diff --git a/private/system_server.te b/private/system_server.te
index a39eaa2..e9a6bba 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -1487,6 +1487,10 @@
allow system_server self:perf_event { open write cpu kernel };
neverallow system_server self:perf_event ~{ open write cpu kernel };
+# Allow writing files under /data/system/shutdown-checkpoints/
+allow system_server shutdown_checkpoints_system_data_file:dir create_dir_perms;
+allow system_server shutdown_checkpoints_system_data_file:file create_file_perms;
+
# Do not allow any domain other than init or system server to set the property
neverallow { domain -init -system_server } socket_hook_prop:property_service set;
diff --git a/public/dumpstate.te b/public/dumpstate.te
index 6b112dc..e626133 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -368,6 +368,10 @@
use_apex_info(dumpstate)
+# Allow reading files under /data/system/shutdown-checkpoints/
+allow dumpstate shutdown_checkpoints_system_data_file:dir r_dir_perms;
+allow dumpstate shutdown_checkpoints_system_data_file:file r_file_perms;
+
###
### neverallow rules
###
diff --git a/public/file.te b/public/file.te
index 1e13e53..d508a7f 100644
--- a/public/file.te
+++ b/public/file.te
@@ -380,6 +380,8 @@
type staging_data_file, file_type, data_file_type, core_data_file_type;
# /vendor/apex
type vendor_apex_file, vendor_file_type, file_type;
+# /data/system/shutdown-checkpoints
+type shutdown_checkpoints_system_data_file, file_type, data_file_type, core_data_file_type;
# Mount locations managed by vold
type mnt_media_rw_file, file_type;