Add type for APEX data directories.
This adds a new apex_module_data_file type for the APEX data directories
under /data/misc/apexdata and /data/misc_[de|ce]/<u>/apexdata.
Permission is given for vold to identify which APEXes are present and
create the corresponding directories under apexdata in the ce/de user
directories.
See go/apex-data-directories.
Bug: 141148175
Test: Built & flashed, checked directories were created.
Change-Id: I95591e5fe85fc34f7ed21e2f4a75900ec2cfacfa
diff --git a/private/vold_prepare_subdirs.te b/private/vold_prepare_subdirs.te
index 348d3ce..51cc138 100644
--- a/private/vold_prepare_subdirs.te
+++ b/private/vold_prepare_subdirs.te
@@ -14,6 +14,7 @@
vendor_data_file
}:dir { open read write add_name remove_name rmdir relabelfrom };
allow vold_prepare_subdirs {
+ apex_module_data_file
backup_data_file
face_vendor_data_file
fingerprint_vendor_data_file
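Review bot: The `apex_module_data_file` entry added at the top of this list lands in the block that closes in the next hunk with `}:dir { create_dir_perms relabelto };`, and the next hunk adds the same type to the block that closes with `}:file { getattr unlink };`. Because `create_dir_perms` in the AOSP macros also covers rename and rmdir, the domain can remove and relabel the APEX data directories and unlink files inside them, whereas the commit message only mentions creating directories. If removal is intended, as it appears to be for the other types in these lists, say so above the block, for example `# apex_module_data_file: create, label and remove the per-user apexdata directories; file access is limited to getattr and unlink.` Both blocks end outside their hunks, so the complete type lists are not visible here.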
@@ -23,6 +24,7 @@
vold_data_file
}:dir { create_dir_perms relabelto };
allow vold_prepare_subdirs {
+ apex_module_data_file
backup_data_file
face_vendor_data_file
fingerprint_vendor_data_file
@@ -32,5 +34,6 @@
system_data_file
vold_data_file
}:file { getattr unlink };
+allow vold_prepare_subdirs apex_mnt_dir:dir { open read };
dontaudit vold_prepare_subdirs { proc unlabeled }:file r_file_perms;
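Review bot: The new `apex_mnt_dir` rule has no comment explaining why this domain reads that directory; the commit message gives the reason (identifying which APEXes are present) but the policy file does not. Add a line above it such as `# Enumerate the APEX mount directory to find which APEXes are present.` The grant is limited to `open read`, which is enough to list entries. It is worth keeping it that narrow instead of widening to `r_dir_perms` later, since `search` would also permit path lookups beneath that directory.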