Add context for checkin directory
Checkin apps use /data/misc_ce/<id>/checkin to back up the checkin
metadata, so that users won't lose the checkin tokens when they clear
the app's storage.
One example is when GMScore is used for checkin: users may clear
GMScore data via "settings". If the device accidentally loses the
token without a backup, it won't be able to check in again until a
factory reset.
The contents of the checkin dir will be cleaned up when a user is removed
from the device. We also plan to add a Gmscore test to ensure the dir
is cleaned up at checkin time, thus preventing other Gmscore modules
from using this storage by mistake.
Bug: 197636740
Test: boot device, check selinux label, check gmscore writes to the new dir
Change-Id: If3ff5e0fb75b4d49ce80d91b0086b58db002e4fb
diff --git a/private/app.te b/private/app.te
index 2b3554f..8477133 100644
--- a/private/app.te
+++ b/private/app.te
@@ -103,3 +103,7 @@
-system_data_file # shared libs in apks
-apk_data_file
}:file no_x_file_perms;
+
+# For now, don't allow apps other than gmscore to access /data/misc_ce/<userid>/checkin
+neverallow { appdomain -gmscore_app } checkin_data_file:dir *;
+neverallow { appdomain -gmscore_app } checkin_data_file:file *;
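Review bot: The two added neverallow rules cover only the `dir` and `file` classes, so a later allow on a symlink, socket or FIFO labelled `checkin_data_file` would not trip them. Widening the second rule to `neverallow { appdomain -gmscore_app } checkin_data_file:notdevfile_class_set *;` would close that gap. The rules also constrain only `appdomain`, so non-app domains are left unconstrained for this type. If that is deliberate, a comment saying so would make the intended boundary explicit for the next reader.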
diff --git a/private/file.te b/private/file.te
index 7e0bdd2..f2d3f56 100644
--- a/private/file.te
+++ b/private/file.te
@@ -30,6 +30,9 @@
# of application data.
type rollback_data_file, file_type, data_file_type, core_data_file_type;
+# /data/misc_ce/checkin for checkin apps.
+type checkin_data_file, file_type, data_file_type, core_data_file_type;
+
# /data/gsi/ota
type ota_image_data_file, file_type, data_file_type, core_data_file_type;
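Review bot: The comment on the new type gives the path as `/data/misc_ce/checkin`, but the file_contexts entry in this commit labels `/data/misc_ce/[0-9]+/checkin`, so the per-user component is missing. I would write `# /data/misc_ce/<userid>/checkin: per-user checkin metadata, written only by gmscore_app.` so the declaration matches the labelled path. That wording also records which domain is meant to use the type.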
diff --git a/private/file_contexts b/private/file_contexts
index bc75fd3..55b9e41 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -658,6 +658,9 @@
/data/misc_de/[0-9]+/storaged(/.*)? u:object_r:storaged_data_file:s0
/data/misc_ce/[0-9]+/storaged(/.*)? u:object_r:storaged_data_file:s0
+# checkin data files
+/data/misc_ce/[0-9]+/checkin(/.*)? u:object_r:checkin_data_file:s0
+
# Fingerprint data
/data/system/users/[0-9]+/fpdata(/.*)? u:object_r:fingerprintd_data_file:s0
diff --git a/private/gmscore_app.te b/private/gmscore_app.te
index 571d155..799d7ff 100644
--- a/private/gmscore_app.te
+++ b/private/gmscore_app.te
@@ -121,6 +121,10 @@
allow gmscore_app ota_package_file:dir rw_dir_perms;
allow gmscore_app ota_package_file:file create_file_perms;
+# Write the checkin metadata to /data/misc_ce/<userid>/checkin
+allow gmscore_app checkin_data_file:dir rw_dir_perms;
+allow gmscore_app checkin_data_file:file create_file_perms;
+
# Used by Finsky / Android "Verify Apps" functionality when
# running "adb install foo.apk".
allow gmscore_app shell_data_file:file r_file_perms;
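Review bot: These allow rules grant type-enforcement access only, while file_contexts labels the directory at plain `s0` and `checkin_data_file` is declared without `mlstrustedobject`. If gmscore_app runs with per-user MLS categories (seapp_contexts is not part of this patch, so this is an inference), the MLS write constraints could still deny the writes these rules are meant to permit. It is worth confirming on a device that no `avc: denied` entries appear for `checkin_data_file`, for both the primary and a secondary user. A short comment here stating how the level is expected to match would also help.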
diff --git a/private/vold_prepare_subdirs.te b/private/vold_prepare_subdirs.te
index ad7e6bb..c6d482a 100644
--- a/private/vold_prepare_subdirs.te
+++ b/private/vold_prepare_subdirs.te
@@ -20,6 +20,7 @@
apex_module_data_file
apex_rollback_data_file
backup_data_file
+ checkin_data_file
face_vendor_data_file
fingerprint_vendor_data_file
iris_vendor_data_file
@@ -34,6 +35,7 @@
apex_module_data_file
apex_rollback_data_file
backup_data_file
+ checkin_data_file
face_vendor_data_file
fingerprint_vendor_data_file
iris_vendor_data_file