commit 806898db48a6c00dea576fdce07420018d7eecf3
author Yi-Yo Chiang <yochiang@google.com> Mon Mar 22 13:46:12 2021 +0800
committer Yo Chiang <yochiang@google.com> Mon Mar 29 03:09:35 2021 +0000
tree 3ad92870445f00382db773bfea14f9d06d49249f
parent 9f3fe38950236e59fa2791df6f407810c6d2a4f0

Split gsi_metadata_file and add gsi_metadata_file_type attribute

Split gsi_metadata_file into gsi_metadata_file plus
gsi_public_metadata_file, and add gsi_metadata_file_type attribute.
Files that are okay to be publicly readable are labeled with
gsi_public_metadata_file. Right now only files needed to infer the
device fstab belong to this label.
The difference between gsi_metadata_file and gsi_public_metadata_file is
that gsi_public_metadata_file has relaxed neverallow rules, so processes
who wish to read the fstab can add the respective allow rules to their
policy files.
Allow gsid to restorecon on gsi_metadata_file to fix the file context of
gsi_public_metadata_file.

Bug: 181110285
Test: Build pass
Test: Issue a DSU installation then verify no DSU related denials and
  files under /metadata/gsi/ are labeled correctly.
Change-Id: I54a5fe734dd345e28fd8c0874d5fceaf80ab8c11

private/file_contexts

diff --git a/private/file_contexts b/private/file_contexts
index 1347797..d5d773c 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -762,6 +762,10 @@
 /metadata/apex(/.*)?      u:object_r:apex_metadata_file:s0
 /metadata/vold(/.*)?      u:object_r:vold_metadata_file:s0
 /metadata/gsi(/.*)?       u:object_r:gsi_metadata_file:s0
+/metadata/gsi/dsu/active  u:object_r:gsi_public_metadata_file:s0
+/metadata/gsi/dsu/booted  u:object_r:gsi_public_metadata_file:s0
+/metadata/gsi/dsu/lp_names  u:object_r:gsi_public_metadata_file:s0
+/metadata/gsi/dsu/[^/]+/metadata_encryption_dir u:object_r:gsi_public_metadata_file:s0
 /metadata/gsi/ota(/.*)?   u:object_r:ota_metadata_file:s0
 /metadata/password_slots(/.*)?    u:object_r:password_slot_metadata_file:s0
 /metadata/ota(/.*)?       u:object_r:ota_metadata_file:s0