rename rs_data_file to app_exec_data_file
There are multiple trusted system components which may be responsible
for creating executable code within an application's home directory.
Renderscript is just one of those trusted components.
Generalize rs_data_file to app_exec_data_file. This label is intended to
be used for any executable code created by trusted components placed
into an application's home directory.
Introduce a typealias statement to ensure files with the previous label
continue to be understood by policy.
This change is effectively a no-op, as it just renames a type, but
neither adds or removes any rules.
Bug: 121375718
Bug: 112357170
Test: cts-tradefed run cts-dev -m CtsRenderscriptTestCases
Change-Id: I17dca5e3e8a1237eb236761862174744fb2196c0
diff --git a/private/rs.te b/private/rs.te
index 56f8dfc..f0c9409 100644
--- a/private/rs.te
+++ b/private/rs.te
@@ -1,8 +1,8 @@
# Any files which would have been created as app_data_file
-# will be created as rs_data_file instead.
+# will be created as app_exec_data_file instead.
allow rs app_data_file:dir ra_dir_perms;
-allow rs rs_data_file:file create_file_perms;
-type_transition rs app_data_file:file rs_data_file;
+allow rs app_exec_data_file:file create_file_perms;
+type_transition rs app_data_file:file app_exec_data_file;
# Follow /data/user/0 symlink
allow rs system_data_file:lnk_file read;
@@ -11,7 +11,7 @@
allow rs app_data_file:file r_file_perms;
allow rs app_data_file:dir r_dir_perms;
-# Cleanup rs_data_file files in the app home directory.
+# Cleanup app_exec_data_file files in the app home directory.
allow rs app_data_file:dir remove_name;
# Use vendor resources