Move staged backup content to a specific cache subdir
Also narrowly specify the domain for the local transport's bookkeeping.
Bug 26834865
Change-Id: I2eea8a10f29356ffecabd8e102f7afa90123c535
diff --git a/domain.te b/domain.te
index 80d2328..7081428 100644
--- a/domain.te
+++ b/domain.te
@@ -270,7 +270,7 @@
-recovery # for /tmp/update_binary in tmpfs
} { fs_type -rootfs }:file execute;
# Files from cache should never be executed
-neverallow domain { cache_file cache_backup_file cache_recovery_file }:file execute;
+neverallow domain { cache_file cache_backup_file cache_private_backup_file cache_recovery_file }:file execute;
# Protect most domains from executing arbitrary content from /data.
neverallow {
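Review bot: Extending the execute neverallow at the `+neverallow domain { cache_file cache_backup_file cache_private_backup_file cache_recovery_file }:file execute;` line is the only policy-level guarantee this commit adds for the new type; the narrowing itself (system_server-only access to /cache/backup) is expressed solely through allow rules in system_server.te and is not protected against a later allow rule elsewhere. Since the new type is deliberately kept out of mlstrustedobject, a neverallow pinning it to its intended users would make that intent enforceable, roughly `neverallow { domain -system_server -init } cache_private_backup_file:file ~{ getattr };`, with the exclusion list adjusted to whichever boot-time domain actually labels or relabels /cache (I cannot see that from this diff). The blank context lines of this hunk appear to have been dropped in rendering (the header counts 7 lines, 6 are shown), which does not affect the review.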
diff --git a/file.te b/file.te
index 0c5593d..25c4c06 100644
--- a/file.te
+++ b/file.te
@@ -145,9 +145,10 @@
typealias app_data_file alias download_file;
# Default type for anything under /cache
type cache_file, file_type, mlstrustedobject;
-# Type for /cache/.*\.{data|restore} and default
-# type for anything under /cache/backup
+# Type for /cache/backup_stage/* (fd interchange with apps)
type cache_backup_file, file_type, mlstrustedobject;
+# type for anything under /cache/backup (local transport storage)
+type cache_private_backup_file, file_type;
# Type for anything under /cache/recovery
type cache_recovery_file, file_type, mlstrustedobject;
# Default type for anything under /efs
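Review bot: The new comment `# type for anything under /cache/backup (local transport storage)` starts lowercase while every neighbouring type comment in this file starts with "# Type for", and it does not say why cache_private_backup_file, unlike its siblings on the surrounding lines, omits mlstrustedobject. Since the commit message says the type is meant to be narrow, the omission looks intentional and should be stated so nobody "fixes" it later: `# Type for anything under /cache/backup (LocalTransport storage).` followed by `# Intentionally not mlstrustedobject: only system_server is expected to reach this tree.` If the attribute was dropped by accident rather than by design, that is worth confirming before merge, because it changes which MLS-constrained domains can reach the directory.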
diff --git a/file_contexts b/file_contexts
index 55212d4..f292780 100644
--- a/file_contexts
+++ b/file_contexts
@@ -319,11 +319,12 @@
# Cache files
#
/cache(/.*)? u:object_r:cache_file:s0
-/cache/.*\.data u:object_r:cache_backup_file:s0
-/cache/.*\.restore u:object_r:cache_backup_file:s0
-# LocalTransport (backup) uses this directory
-/cache/backup(/.*)? u:object_r:cache_backup_file:s0
/cache/recovery(/.*)? u:object_r:cache_recovery_file:s0
+# General backup/restore interchange with apps
+/cache/backup_stage(/.*)? u:object_r:cache_backup_file:s0
+# LocalTransport (backup) uses this subtree
+/cache/backup(/.*)? u:object_r:cache_private_backup_file:s0
+
#############################
# sysfs files
#
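Review bot: The relabel of `/cache/backup(/.*)?` from cache_backup_file to cache_private_backup_file only takes effect for files that get labelled after this change; any existing LocalTransport data under /cache/backup on an updating device keeps the old cache_backup_file label, and files created inside an old-labelled directory inherit that label, so the narrowing would silently not apply there unless something restores contexts on /cache at boot (I cannot tell from this diff whether that happens). Worth either confirming the boot-time restorecon covers /cache or noting in the commit message that the new label is expected only on fresh directories. The two new patterns do not overlap: `/cache/backup(/.*)?` is anchored and does not match `/cache/backup_stage`, so the ordering after `/cache/recovery(/.*)?` is fine. The added empty line before the `#############################` separator is stray whitespace and should be dropped.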
diff --git a/system_server.te b/system_server.te
index 979dd0c..2bb21a3 100644
--- a/system_server.te
+++ b/system_server.te
@@ -337,14 +337,12 @@
# Allow abstract socket connection
allow system_server rild:unix_stream_socket connectto;
-# BackupManagerService lets PMS create a data backup file
+# BackupManagerService needs to manipulate backup data files
+allow system_server cache_backup_file:dir rw_dir_perms;
allow system_server cache_backup_file:file create_file_perms;
-# Relabel /data/backup
-allow system_server backup_data_file:dir { relabelto relabelfrom };
-# Relabel /cache/.*\.{data|restore}
-allow system_server cache_backup_file:file { relabelto relabelfrom };
-# LocalTransport creates and relabels /cache/backup
-allow system_server cache_backup_file:dir { relabelto relabelfrom create_dir_perms };
+# LocalTransport works inside /cache/backup
+allow system_server cache_private_backup_file:dir create_dir_perms;
+allow system_server cache_private_backup_file:file create_file_perms;
# Allow system to talk to usb device
allow system_server usb_device:chr_file rw_file_perms;
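Review bot: The new `allow system_server cache_backup_file:dir rw_dir_perms;` grants read/write/search inside /cache/backup_stage but not `create` or `rmdir`, and this hunk also removes the former `create_dir_perms` on cache_backup_file:dir, so if nothing else (an init.rc mkdir, for instance) creates /cache/backup_stage with that label, system_server can no longer create it itself; if it is meant to create the directory the rule should read `allow system_server cache_backup_file:dir create_dir_perms;`, otherwise a comment naming who creates it would help. The comment `# BackupManagerService needs to manipulate backup data files` is less specific than the one it replaces; `# BackupManagerService stages backup/restore data in /cache/backup_stage` says which tree the two cache_backup_file rules cover. The removal of `allow system_server backup_data_file:dir { relabelto relabelfrom };` concerns /data/backup rather than /cache and is not mentioned in the commit message, so a line there confirming it is intentional would save the next reader from wondering whether it was dropped by accident.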