Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / afc9791f211bd867a9bd8f96b090f9bf4db9f142^! / .
commitafc9791f211bd867a9bd8f96b090f9bf4db9f142[log] [tgz]
authorsatayev <satayev@google.com>Fri Mar 19 11:08:49 2021 +0000
committerArtur Satayev <satayev@google.com>Fri Mar 19 11:23:00 2021 +0000
treef1b2d87855b2ab5ea4bc9f1041d9e2d7edd553a4
parent0b47552028f8c39508a7daf5549cb717c1d7d938 [diff]
Revert^2 "Introduce derive_classpath."

5fd85de907f9c22ab7a540b5b3dda156962c18bc

Bug: 180105615
Test: manual boot of cuttlefish and gphone emulator
Change-Id: I9e43268d3b745e65b5ccc0a4896a7e55a253659d

diff --git a/apex/com.android.sdkext-file_contexts b/apex/com.android.sdkext-file_contexts
index 2d59dda..551a12c 100644
--- a/apex/com.android.sdkext-file_contexts
+++ b/apex/com.android.sdkext-file_contexts

@@ -1,2 +1,3 @@
-(/.*)?                u:object_r:system_file:s0
-/bin/derive_sdk       u:object_r:derive_sdk_exec:s0
+(/.*)?                       u:object_r:system_file:s0
+/bin/derive_classpath        u:object_r:derive_classpath_exec:s0
+/bin/derive_sdk              u:object_r:derive_sdk_exec:s0

diff --git a/private/derive_classpath.te b/private/derive_classpath.te
new file mode 100644
index 0000000..71960d3
--- /dev/null
+++ b/private/derive_classpath.te

@@ -0,0 +1,12 @@
+
+# Domain for derive_classpath
+type derive_classpath, domain, coredomain;
+type derive_classpath_exec, system_file_type, exec_type, file_type;
+init_daemon_domain(derive_classpath)
+
+# Create /data/system/environ/classpath file
+allow derive_classpath environ_system_data_file:dir rw_dir_perms;
+allow derive_classpath environ_system_data_file:file create_file_perms;
+
+# b/183079517 fails on gphone targets otherwise
+allow derive_classpath unlabeled:dir search;

diff --git a/private/file.te b/private/file.te
index 910210d..984a7b6 100644
--- a/private/file.te
+++ b/private/file.te

@@ -53,3 +53,6 @@
 
 # /data/misc/odsign
 type odsign_data_file, file_type, data_file_type, core_data_file_type;
+
+# /data/system/environ
+type environ_system_data_file, file_type, data_file_type, core_data_file_type;

diff --git a/private/file_contexts b/private/file_contexts
index f8bb5ec..1347797 100644
--- a/private/file_contexts
+++ b/private/file_contexts

@@ -504,6 +504,7 @@
 #
 /data		u:object_r:system_data_root_file:s0
 /data/(.*)?		u:object_r:system_data_file:s0
+/data/system/environ(/.*)? u:object_r:environ_system_data_file:s0
 /data/system/packages\.list u:object_r:packages_list_file:s0
 /data/unencrypted(/.*)?         u:object_r:unencrypted_data_file:s0
 /data/backup(/.*)?		u:object_r:backup_data_file:s0