Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / f09db16c569aa1709cbe1f640aac65a20d902a06^! / .
commitf09db16c569aa1709cbe1f640aac65a20d902a06[log] [tgz]
authorSongchun Fan <schfan@google.com>Mon Jan 13 09:33:08 2020 -0800
committerSongchun Fan <schfan@google.com>Mon Feb 03 14:28:37 2020 -0800
tree480b39d0d874e463f6da374b0d3952796037e9cc
parent4de3228c461d54752a5ca0d011ffc13686e0a3cb [diff]
[selinux] properly labeling dirs under /data/incremental

Setting files and dirs under /data/incremental as apk_data_file, so that
they will have the same permissions as the ones under /data/app.

Current layout of the dirs:
1. /data/incremental/[random]/mount -> holds data files (such as base.apk) and
control files (such as .cmd). Its subdirectory is first bind-mounted to
/data/incremental/tmp/[random], eventually bind-mounted to
/data/app/~~[randomA]/[packageName]-[randomB].

2. /data/incremental/[random]/backing_mount -> hold incfs backing image.

3. /data/incremental/tmp/[random] -> holds temporary mountpoints (bind-mount targets)
during app installation.

Test: manual
Change-Id: Ia5016db2fa2c7bad1e6611d59625731795eb9efc

diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index 149c6ee..6d7863e 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil

@@ -46,7 +46,6 @@
     hal_vibrator_service
     incfs
     incremental_service
-    incremental_root_file
     init_perf_lsm_hooks_prop
     init_svc_debug_prop
     iorap_prefetcherd

diff --git a/private/file_contexts b/private/file_contexts
index eafbd3e..a6db9f9 100644
--- a/private/file_contexts
+++ b/private/file_contexts

@@ -491,7 +491,6 @@
 /data/app-private/vmdl.*\.tmp(/.*)?   u:object_r:apk_private_tmp_file:s0
 /data/gsi(/.*)?        u:object_r:gsi_data_file:s0
 /data/gsi/ota(/.*)?    u:object_r:ota_image_data_file:s0
-/data/incremental(/.*)?   u:object_r:incremental_root_file:s0
 /data/tombstones(/.*)?	u:object_r:tombstone_data_file:s0
 /data/vendor/tombstones/wifi(/.*)? u:object_r:tombstone_wifi_data_file:s0
 /data/local/tmp(/.*)?	u:object_r:shell_data_file:s0
@@ -608,6 +607,9 @@
 /data/misc_de/[0-9]+/apexrollback(/.*)?   u:object_r:apex_rollback_data_file:s0
 /data/misc_ce/[0-9]+/apexrollback(/.*)?   u:object_r:apex_rollback_data_file:s0
 
+# Incremental directories
+/data/incremental(/.*)?                        u:object_r:apk_data_file:s0
+
 #############################
 # Expanded data files
 #

diff --git a/public/file.te b/public/file.te
index b2909ff..21ed2c5 100644
--- a/public/file.te
+++ b/public/file.te

@@ -309,8 +309,6 @@
 type staging_data_file, file_type, data_file_type, core_data_file_type;
 # /vendor/apex
 type vendor_apex_file, vendor_file_type, file_type;
-# /data/incremental
-type incremental_root_file, file_type, data_file_type, core_data_file_type;
 
 # Mount locations managed by vold
 type mnt_media_rw_file, file_type;