sepolicy: new prereboot_data_file type
This adds the type and permissions for dumping and appending prereboot
information.
Bug: 145203410
Test: Didn't see denials while dumping and appending prereboot info.
Change-Id: Ic08408b9bebc3648a7668ed8475f96a5302635fa
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index 376c0a5..8be2021 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -65,6 +65,7 @@
module_sdkextensions_prop
ota_metadata_file
ota_prop
+ prereboot_data_file
art_apex_dir
rebootescrow_hal_prop
service_manager_service
diff --git a/private/file_contexts b/private/file_contexts
index 0a0d3c9..8249d2a 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -540,6 +540,7 @@
/data/misc/net(/.*)? u:object_r:net_data_file:s0
/data/misc/network_watchlist(/.*)? u:object_r:network_watchlist_data_file:s0
/data/misc/perfetto-traces(/.*)? u:object_r:perfetto_traces_data_file:s0
+/data/misc/prereboot(/.*)? u:object_r:prereboot_data_file:s0
/data/misc/recovery(/.*)? u:object_r:recovery_data_file:s0
/data/misc/shared_relro(/.*)? u:object_r:shared_relro_file:s0
/data/misc/sms(/.*)? u:object_r:radio_data_file:s0
diff --git a/private/system_server.te b/private/system_server.te
index f2f1707..23b439b 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -440,6 +440,10 @@
# with no DAC access to it, for dropbox to read.
allow system_server incident_data_file:file read;
+# Manage /data/misc/prereboot.
+allow system_server prereboot_data_file:dir rw_dir_perms;
+allow system_server prereboot_data_file:file create_file_perms;
+
# Allow dropbox to read /data/misc/perfetto-traces. Only the fd is sent over
# binder.
allow system_server perfetto_traces_data_file:file read;