Minimize public policy
Ideally, public should only contain APIs (types / attributes) for
vendor. The other statements like allow/neverallow/typeattributes are
regarded as implementation detail for platform and should be in private.
Bug: 232023812
Test: m selinux_policy
Test: diff <(git diff --staged | grep "^-" | cut -b2- | sort) \
<(git diff --staged | grep "^+" | cut -b2- | sort)
Test: remove comments on plat_sepolicy.cil, replace base_typeattr_*
to base_typeattr and then compare old and new plat_sepolicy.cil
Change-Id: I5e7d2da4465ab0216de6bacdf03077d37f6ffe12
diff --git a/private/profman.te b/private/profman.te
index 7ad49b2..af53646 100644
--- a/private/profman.te
+++ b/private/profman.te
@@ -15,3 +15,31 @@
# profman needs to read the embedded profile that artd extracts from an APK,
# which is passed by a memfd.
allow profman artd_tmpfs:file { getattr read map lock };
+
+allow profman user_profile_data_file:file { getattr read write lock map };
+
+# Dumping profile info opens the application APK file for pretty printing.
+allow profman asec_apk_file:file { read map };
+allow profman apk_data_file:file { getattr read map };
+allow profman apk_data_file:dir { getattr read search };
+
+allow profman oemfs:file { read map };
+# Reading an APK opens a ZipArchive, which unpack to tmpfs.
+allow profman tmpfs:file { read map };
+allow profman profman_dump_data_file:file { write map };
+
+# Allow profman to analyze profiles for the secondary dex files. These
+# are application dex files reported back to the framework when using
+# BaseDexClassLoader.
+allow profman { privapp_data_file app_data_file }:file { getattr read write lock map };
+allow profman { privapp_data_file app_data_file }:dir { getattr read search };
+
+# Allow query ART device config properties
+get_prop(profman, device_config_runtime_native_prop)
+get_prop(profman, device_config_runtime_native_boot_prop)
+
+###
+### neverallow rules
+###
+
+neverallow profman app_data_file_type:notdevfile_class_set open;