Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / b01e1d97bf1320d54c8641cfff687f13f32013bf^! / . / private / system_server.te
commitb01e1d97bf1320d54c8641cfff687f13f32013bf[log] [tgz]
authorAlan Stokes <alanstokes@google.com>Tue Nov 10 18:02:14 2020 +0000
committerAlan Stokes <alanstokes@google.com>Tue Nov 10 18:02:14 2020 +0000
treed14bbc78a7eb7dc39c17f650676e8cbbb2ad9cac
parent27e0c740f1894e9a390b7105255eb29401d25c35 [diff] [blame]
Revert "Introduce app_data_file_type attribute."

This reverts commit 27e0c740f1894e9a390b7105255eb29401d25c35.

Reason for revert: b/172926597

Change-Id: Id2443446cbdf51dc05b303028377895b9cf2a09e

diff --git a/private/system_server.te b/private/system_server.te
index 889a11b..0d48554 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -519,7 +519,16 @@
 allow system_server staging_data_file:file create_file_perms;
 
 # Walk /data/data subdirectories.
-allow system_server app_data_file_type:dir { getattr read search };
+# Types extracted from seapp_contexts type= fields.
+allow system_server {
+  system_app_data_file
+  bluetooth_data_file
+  nfc_data_file
+  radio_data_file
+  shell_data_file
+  app_data_file
+  privapp_data_file
+}:dir { getattr read search };
 
 # Also permit for unlabeled /data/data subdirectories and
 # for unlabeled asec containers on upgrades from 4.2.
@@ -532,7 +541,16 @@
 allow system_server system_app_data_file:file create_file_perms;
 
 # Receive and use open app data files passed over binder IPC.
-allow system_server app_data_file_type:file { getattr read write append map };
+# Types extracted from seapp_contexts type= fields.
+allow system_server {
+  system_app_data_file
+  bluetooth_data_file
+  nfc_data_file
+  radio_data_file
+  shell_data_file
+  app_data_file
+  privapp_data_file
+}:file { getattr read write append map };
 
 # Access to /data/media for measuring disk usage.
 allow system_server media_rw_data_file:dir { search getattr open read };
@@ -1023,11 +1041,14 @@
 # system server should never be operating on zygote spawned app data
 # files directly. Rather, they should always be passed via a
 # file descriptor.
-# Exclude those types that system_server needs to open directly.
+# Types extracted from seapp_contexts type= fields, excluding
+# those types that system_server needs to open directly.
 neverallow system_server {
-  app_data_file_type
-  -system_app_data_file
-  -radio_data_file
+  bluetooth_data_file
+  nfc_data_file
+  shell_data_file
+  app_data_file
+  privapp_data_file
 }:file { open create unlink link };
 
 # Forking and execing is inherently dangerous and racy. See, for