Relabel /data/rollback files as enabling rollback (4/n)

We will link files under /data/apex/active and /data/app to
/data/rollback when enabling rollbacks to avoid copying.

When creating hard links, we have to ensure source and target have the
same label to avoid subtle bugs.

We will assign apk_data_file to *.apk files and
staging_data_file to *.apex files under /data/rollback.

Also allow system_server to link /data/apex/active files.

Bug: 168562373
Test: m
Change-Id: I4be38cc8c84494c4ddfa03e37f2af3958bff5dfb
diff --git a/private/system_server.te b/private/system_server.te
index 90061c6..b60740b 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -519,6 +519,9 @@
 allow system_server staging_data_file:dir create_dir_perms;
 allow system_server staging_data_file:file create_file_perms;
 
+# Manage /data/rollback.
+allow system_server staging_data_file:{ file lnk_file } { create_file_perms link };
+
 # Walk /data/data subdirectories.
 allow system_server app_data_file_type:dir { getattr read search };
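Review bot: The added allow rule covers more than the commit message describes, specifically in its lnk_file class and its repeated create_file_perms. The message talks only about hard links to regular files, which need the link permission on the file class, while lnk_file is the symlink class and here receives both create_file_perms and link. The line just above already grants system_server create_file_perms on staging_data_file:file, so that part is redundant. Unless symlinks under /data/rollback are actually needed, consider narrowing the rule to: allow system_server staging_data_file:file link; The comment "Manage /data/rollback." could also say that the rule exists so system_server can hard-link staging_data_file files from /data/apex/active, since that is the access the message calls out.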