Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 6b4f91cbf0f1eeb3f6247eb7c3da03bb849364b9^2..6b4f91cbf0f1eeb3f6247eb7c3da03bb849364b9 / .
commit6b4f91cbf0f1eeb3f6247eb7c3da03bb849364b9[log] [tgz]
authorThiƩbaud Weksteen <tweek@google.com>Thu Jul 15 06:39:16 2021 +0000
committerGerrit Code Review <noreply-gerritcodereview@google.com>Thu Jul 15 06:39:16 2021 +0000
treeae87b230ca6d764b1ccee1ca204a64aad9febeb8
parentac14885e9ae8dd0f6d19bbce399d88fb14c77380 [diff]
parent1535fbb0b0eb6bf31ce21bb5389ce115cb14644f [diff]
Merge "Allow Zygote to unmount labeledfs"
diff --git a/private/file.te b/private/file.te
index 29ab8a9..124309c 100644
--- a/private/file.te
+++ b/private/file.te

@@ -48,6 +48,9 @@
 # /data/misc/apexdata/com.android.art/staging
 type apex_art_staging_data_file, file_type, data_file_type, core_data_file_type;
 
+# /data/misc/apexdata/com.android.compos
+type apex_compos_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type;
+
 # /data/font/files
 type font_data_file, file_type, data_file_type, core_data_file_type;
 

diff --git a/private/file_contexts b/private/file_contexts
index 8e341de..779a37a 100644
--- a/private/file_contexts
+++ b/private/file_contexts

@@ -568,6 +568,7 @@
 /data/misc/a11ytrace(/.*)?      u:object_r:accessibility_trace_data_file:s0
 /data/misc/apexdata(/.*)?       u:object_r:apex_module_data_file:s0
 /data/misc/apexdata/com\.android\.art(/.*)?           u:object_r:apex_art_data_file:s0
+/data/misc/apexdata/com\.android\.compos(/.*)?        u:object_r:apex_compos_data_file:s0
 /data/misc/apexdata/com\.android\.permission(/.*)?    u:object_r:apex_system_server_data_file:s0
 /data/misc/apexdata/com\.android\.scheduling(/.*)?    u:object_r:apex_system_server_data_file:s0
 /data/misc/apexdata/com\.android\.wifi(/.*)?          u:object_r:apex_system_server_data_file:s0

diff --git a/private/odsign.te b/private/odsign.te
index 57ca048..10adcd5 100644
--- a/private/odsign.te
+++ b/private/odsign.te

@@ -44,6 +44,10 @@
 allow odsign apex_art_data_file:dir { rw_dir_perms rmdir rename };
 allow odsign apex_art_data_file:file { rw_file_perms unlink };
 
+# For CompOS pending key files
+allow odsign apex_compos_data_file:dir { getattr search write remove_name };
+allow odsign apex_compos_data_file:file { r_file_perms unlink };
+
 # Run odrefresh to refresh ART artifacts
 domain_auto_trans(odsign, odrefresh_exec, odrefresh)
 

diff --git a/private/toolbox.te b/private/toolbox.te
index b4a3466..a2b958d 100644
--- a/private/toolbox.te
+++ b/private/toolbox.te

@@ -1,7 +1,3 @@
 typeattribute toolbox coredomain;
 
 init_daemon_domain(toolbox)
-
-# rm -rf /data/misc/virtualizationservice
-allow toolbox virtualizationservice_data_file:dir create_dir_perms;
-allow toolbox virtualizationservice_data_file:file create_file_perms;