Let system server set permissions on marker file
System server needs to create a file in /metadata/aconfig, and set its
permissions.
Bug: 328444881
Test: m
Change-Id: I30aa576e46d8963e78ff21ad328160a99bd5d523
diff --git a/contexts/plat_file_contexts_test b/contexts/plat_file_contexts_test
index c76f030..6a238a4 100644
--- a/contexts/plat_file_contexts_test
+++ b/contexts/plat_file_contexts_test
@@ -1233,6 +1233,8 @@
/metadata/aconfig/flags/test aconfig_storage_flags_metadata_file
/metadata/aconfig/boot aconfig_storage_metadata_file
/metadata/aconfig/boot/test aconfig_storage_metadata_file
+/metadata/aconfig_test_missions aconfig_test_mission_files
+/metadata/aconfig_test_missions/test aconfig_test_mission_files
/metadata/apex apex_metadata_file
/metadata/apex/test apex_metadata_file
/metadata/vold vold_metadata_file
diff --git a/private/domain.te b/private/domain.te
index b5525d5..ebd8917 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -562,6 +562,7 @@
# that records where flag storage files are, so also needs to be readable by everbody.
r_dir_file({ coredomain appdomain }, aconfig_storage_metadata_file);
r_dir_file({ coredomain appdomain }, system_aconfig_storage_file);
+r_dir_file({ coredomain appdomain }, aconfig_test_mission_files);
# processes needs to access storage file stored at /metadata/aconfig/boot, require search
# permission on /metadata dir
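Review bot: The added `r_dir_file({ coredomain appdomain }, aconfig_test_mission_files);` gives every core and app domain read access to the test mission files, and nothing in the hunk says why that breadth is needed. The comment above the neighbouring rules starts outside the hunk and justifies world-readability for the record of where flag storage files are, which does not obviously cover a marker that system_server writes. If only a few domains consume the marker, narrow the source set to those. Otherwise put a comment directly above the rule, e.g. `# <why every coredomain/appdomain process must read the test mission marker>`.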
diff --git a/private/file.te b/private/file.te
index 5295f69..b96e18b 100644
--- a/private/file.te
+++ b/private/file.te
@@ -156,6 +156,8 @@
# Type for /vendor/etc/aconfig
type vendor_aconfig_storage_file, vendor_file_type, file_type;
+type aconfig_test_mission_files, file_type;
+
# /data/misc/connectivityblobdb
type connectivityblob_data_file, file_type, data_file_type, core_data_file_type;
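Review bot: The new `type aconfig_test_mission_files, file_type;` has no comment, while the declarations on either side each name the path they label. Add `# Type for /metadata/aconfig_test_missions` above it. The plural `_files` suffix also departs from the `_file` naming of the surrounding types (`vendor_aconfig_storage_file`, `connectivityblob_data_file`). `aconfig_test_mission_file` would match, provided the other files in this change are renamed with it.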
diff --git a/private/file_contexts b/private/file_contexts
index 193c033..75ebf2c 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -872,6 +872,7 @@
/metadata/repair-mode(/.*)? u:object_r:repair_mode_metadata_file:s0
/metadata/aconfig(/.*)? u:object_r:aconfig_storage_metadata_file:s0
/metadata/aconfig/flags(/.*)? u:object_r:aconfig_storage_flags_metadata_file:s0
+/metadata/aconfig_test_missions(/.*)? u:object_r:aconfig_test_mission_files:s0
#############################
# asec containers
diff --git a/private/system_server.te b/private/system_server.te
index 8e137e3..869d222 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -1486,6 +1486,9 @@
allow system_server aconfig_storage_flags_metadata_file:file create_file_perms;
allow system_server aconfig_storage_metadata_file:dir search;
+allow system_server aconfig_test_mission_files:dir create_dir_perms;
+allow system_server aconfig_test_mission_files:file create_file_perms;
+
allow system_server repair_mode_metadata_file:dir rw_dir_perms;
allow system_server repair_mode_metadata_file:file create_file_perms;
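Review bot: `create_dir_perms` on `aconfig_test_mission_files:dir` lets system_server create, rename and remove directories of this type, whereas the commit message only asks for creating a file and setting its permissions. If the directory is created elsewhere (for example by init, which this change does not show), `allow system_server aconfig_test_mission_files:dir rw_dir_perms;` would be enough and would match the `repair_mode_metadata_file:dir rw_dir_perms` rule just below. A comment above the two new rules, such as `# Allow system server to create the test mission marker file and set its permissions`, would record the intent. The commit message names /metadata/aconfig while the labelled path is /metadata/aconfig_test_missions, so one of the two should be corrected.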