Introduce apex_info_file type

/apex/apex-info-file.xml is labeled as apex_info_file. It is
created and written once by apexd, and can be read by zygote and
system_server. The content of the file is essentially the same as the
return value of a getAllPackages() call to apexd.

Bug: 154823184
Test: m
Merged-In: Ic6af79ddebf465b389d9dcb5fd569d3a786423b2
(cherry picked from commit f1de4c02cc3da98d052ca81e48e7d4682eea6088)
Change-Id: Ic6af79ddebf465b389d9dcb5fd569d3a786423b2
diff --git a/private/apexd.te b/private/apexd.te
index c03790c..4d9f5ac 100644
--- a/private/apexd.te
+++ b/private/apexd.te
@@ -64,6 +64,9 @@
 allow apexd apex_mnt_dir:dir mounton;
 # allow apexd to create symlinks in /apex
 allow apexd apex_mnt_dir:lnk_file create_file_perms;
+# allow apexd to create /apex/apex-info-list.xml and relabel to apex_info_file
+allow apexd apex_mnt_dir:file { create_file_perms relabelfrom };
+allow apexd apex_info_file:file relabelto;
 # allow apexd to unlink apex files in /data/apex/active
 # note that apexd won't be able to unlink files in /data/app-staging/session_XXXX,
 # because it doesn't have write permission for staging_data_file object.
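Review bot: The new rule on `apex_mnt_dir:file` gives apexd the whole `create_file_perms` set plus `relabelfrom` on every regular file that carries the directory's label, although the comment describes a single file that is created and then relabeled. A named type transition such as `type_transition apexd apex_mnt_dir:file apex_info_file "apex-info-list.xml";`, with the create and write permissions granted on `apex_info_file` instead, would give the file its final label at creation. That removes the window in which it sits in /apex as `apex_mnt_dir`, and the dependency on the later relabel succeeding; whether this works for the /apex mount needs confirming. If create-then-relabel stays, the comment should add that only `relabelto` is granted on `apex_info_file`, so apexd cannot modify the file once it is labeled.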
@@ -159,3 +162,6 @@
 # only apexd can set apexd sysprop
 set_prop(apexd, apexd_prop)
 neverallow { domain -apexd -init } apexd_prop:property_service set;
+
+# only apexd can write apex-info-list.xml
+neverallow { domain -apexd } apex_info_file:file no_w_file_perms;
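Review bot: The added neverallow does not cover `relabelto`, so it would not stop a later rule from letting another domain relabel a file it authored to `apex_info_file`, which zygote and system_server are allowed to read. As far as I can tell `no_w_file_perms` expands to append, create, link, unlink, relabelfrom, rename, setattr and write, which leaves `relabelto` out. Consider `neverallow { domain -apexd } apex_info_file:file { no_w_file_perms relabelto };`, adding `-init` to the source set if init's generic relabel rule covers this type. The comment could then read `# only apexd can write or relabel to apex-info-list.xml`.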
diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index 3bc59e1..4c444d3 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@@ -5,4 +5,5 @@
 (typeattribute new_objects)
 (typeattributeset new_objects
   ( new_objects
+    apex_info_file
     gnss_device))
diff --git a/private/file_contexts b/private/file_contexts
index 218bb51..dd64d57 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -33,6 +33,8 @@
 /sys                u:object_r:sysfs:s0
 /apex               u:object_r:apex_mnt_dir:s0
 
+/apex/apex-info-list.xml u:object_r:apex_info_file:s0
+
 # Symlinks
 /bin                u:object_r:rootfs:s0
 /bugreports         u:object_r:rootfs:s0
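Review bot: The dot in the new `/apex/apex-info-list.xml` entry is unescaped, and file_contexts paths are regular expressions, so the entry matches any character in that position instead of only a literal dot. Writing it as `/apex/apex-info-list\.xml u:object_r:apex_info_file:s0` keeps the label on exactly the one file that zygote and system_server read. Separately, the commit message names the file `apex-info-file.xml` while this entry and the policy comments use `apex-info-list.xml`; one of the two should be corrected so the description matches what is labeled.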
diff --git a/private/system_server.te b/private/system_server.te
index bd87ead..4a3a538 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -1094,6 +1094,9 @@
 # Allow system server to scan /apex for flattened APEXes
 allow system_server apex_mnt_dir:dir r_dir_perms;
 
+# Allow system server to read /apex/apex-info-list.xml
+allow system_server apex_info_file:file r_file_perms;
+
 # Allow system server to communicate to system-suspend's control interface
 allow system_server system_suspend_control_service:service_manager find;
 binder_call(system_server, system_suspend)
diff --git a/private/zygote.te b/private/zygote.te
index 5f08f8d..b1e2378 100644
--- a/private/zygote.te
+++ b/private/zygote.te
@@ -200,6 +200,9 @@
 # Allow zygote to access media_variant_prop for static initialization
 get_prop(zygote, media_variant_prop)
 
+# Allow zygote to read /apex/apex-info-list.xml
+allow zygote apex_info_file:file r_file_perms;
+
 ###
 ### neverallow rules
 ###