Update permissions for the dedicated profile folders Bug: 26719109 Bug: 26563023 Change-Id: Ie0ca764467c874c061752cbbc73e1bacead9b995

commit: 89625c9a6488d01466e5b21856f8fdede047f128 [log] [tgz]
author: Calin Juravle <calin@google.com> Mon Feb 01 19:28:39 2016 +0000
committer: Calin Juravle <calin@google.com> Fri Feb 19 13:40:33 2016 +0000
tree: 987a0400492a879e8c06c7c3b626bceb210f9f9d
parent: 2e1556dc76f75afea71c60e80a23d40b63deef5b [diff] [blame]
diff --git a/file_contexts b/file_contexts
index 9222324..ed8e30e 100644
--- a/file_contexts
+++ b/file_contexts

@@ -203,6 +203,7 @@
 /system/bin/dex2oat     u:object_r:dex2oat_exec:s0
 # patchoat executable has (essentially) the same requirements as dex2oat.
 /system/bin/patchoat    u:object_r:dex2oat_exec:s0
+/system/bin/profman     u:object_r:profman_exec:s0
 /system/bin/sgdisk      u:object_r:sgdisk_exec:s0
 /system/bin/blkid       u:object_r:blkid_exec:s0
 /system/bin/tzdatacheck u:object_r:tzdatacheck_exec:s0
@@ -289,6 +290,10 @@
 /data/misc/update_engine(/.*)?  u:object_r:update_engine_data_file:s0
 /data/system/heapdump(/.*)?     u:object_r:heapdump_data_file:s0
 /data/misc/trace(/.*)?          u:object_r:method_trace_data_file:s0
+# TODO(calin) label profile reference differently so that only
+# profman run as a special user can write to them
+/data/misc/profiles/cur(/.*)?       u:object_r:user_profile_data_file:s0
+/data/misc/profiles/ref(/.*)?       u:object_r:user_profile_data_file:s0
 
 # Fingerprint data
 /data/system/users/[0-9]+/fpdata(/.*)? u:object_r:fingerprintd_data_file:s0
commit	89625c9a6488d01466e5b21856f8fdede047f128	[log] [tgz]
author	Calin Juravle <calin@google.com>	Mon Feb 01 19:28:39 2016 +0000
committer	Calin Juravle <calin@google.com>	Fri Feb 19 13:40:33 2016 +0000
tree	987a0400492a879e8c06c7c3b626bceb210f9f9d
parent	2e1556dc76f75afea71c60e80a23d40b63deef5b [diff] [blame]