Merge changes from topic "artd-sepolicy-b254013425"

* changes:
  Allow artd to scan directories for cleaning up obsolete managed files.
  Allow system_server to read /data/misc/profman.
diff --git a/private/artd.te b/private/artd.te
index 88094e7..c887258 100644
--- a/private/artd.te
+++ b/private/artd.te
@@ -71,8 +71,9 @@
 #   profile files to the system or apps.
 allow artd self:global_capability_class_set { dac_override dac_read_search fowner chown };
 
-# Read/write access to profiles (/data/misc/profiles/{ref,cur}/...).
-allow artd user_profile_root_file:dir { getattr search };
+# Read/write access to profiles (/data/misc/profiles/{ref,cur}/...). Also allow
+# scanning /data/misc/profiles/cur, for cleaning up obsolete managed files.
+allow artd user_profile_root_file:dir r_dir_perms;
 allow artd user_profile_data_file:dir rw_dir_perms;
 allow artd user_profile_data_file:file create_file_perms;
 
@@ -94,6 +95,26 @@
 # Check validity of SELinux context, for restorecon.
 selinux_check_context(artd)
 
+# Allow scanning /, for cleaning up obsolete managed files.
+allow artd rootfs:dir r_dir_perms;
+
+# Allow scanning /data, for cleaning up obsolete managed files.
+allow artd system_data_root_file:dir r_dir_perms;
+
+# Allow scanning /mnt, for cleaning up obsolete managed files.
+allow artd tmpfs:dir r_dir_perms;
+
+# Allow scanning /mnt/expand, for cleaning up obsolete managed files.
+allow artd mnt_expand_file:dir r_dir_perms;
+
+# Allow scanning {/data,/mnt/expand/<volume-uuid>}/{user,user_de}, for cleaning
+# up obsolete managed files.
+allow artd system_userdir_file:dir r_dir_perms;
+
+# Allow scanning {/data,/mnt/expand/<volume-uuid>}/{user,user_de}/<user-id> and
+# /mnt/expand/<volume-uuid>, for cleaning up obsolete managed files.
+allow artd system_data_file:dir r_dir_perms;
+
 # Never allow running other binaries without a domain transition.
 # The only exception is art_exec. It is allowed to use the artd domain because
 # it is a thin wrapper that executes other binaries on behalf of artd.
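Review bot: The new rules on `rootfs:dir`, `tmpfs:dir` and `system_data_file:dir` are type-wide, so they cover every directory carrying those labels, not only the /, /mnt and per-user paths named in the comments above them. artd already holds `dac_override` and `dac_read_search` (the capability rule shown as context in the first hunk of this file), so DAC modes will not narrow this and the SELinux rules are the only limit on which directories it can enumerate. As defined in the global macros, `r_dir_perms` also carries ioctl, lock and the watch permissions, which a cleanup scan should not need. For the broad types I would spell the set out, e.g. `allow artd tmpfs:dir { open getattr read search };`, and add a comment such as `# Type-wide: applies to all dirs labelled tmpfs, not only /mnt.`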
diff --git a/private/system_server.te b/private/system_server.te
index b13c4f5..576da94 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -1184,8 +1184,9 @@
 
 # System server may dump profile data for debuggable apps in the /data/misc/profman.
 # As such it needs to be able create files but it should never read from them.
+# It also needs to stat the directory to check if it has the right permissions.
 allow system_server profman_dump_data_file:file { create getattr setattr w_file_perms};
-allow system_server profman_dump_data_file:dir w_dir_perms;
+allow system_server profman_dump_data_file:dir rw_dir_perms;
 
 # On userdebug build we may profile system server. Allow it to write and create its own profile.
 userdebug_or_eng(`
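Review bot: The switch to `rw_dir_perms` on `profman_dump_data_file:dir` grants more than the added comment asks for: a stat of the directory needs only `getattr`, while `rw_dir_perms` also lets system_server list the directory contents. The existing comment still says system_server should never read the dumped files, and the file rule on the line above keeps to that, so the narrower form `allow system_server profman_dump_data_file:dir { w_dir_perms getattr };` would match the stated intent. If listing is really required (the commit title says "read /data/misc/profman"), the comment should say so and explain why.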