Add Network Watchlist data file selinux policy(Used in ConfigUpdater)
Bug: 63908748
Test: Able to boot
Change-Id: I14d8856d7aac7be9d1f26ecf5bfff69ea5ee9607
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index e359935..50d4ee7 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -25,6 +25,7 @@
lowpan_service
mediaprovider_tmpfs
netd_stable_secret_prop
+ network_watchlist_data_file
network_watchlist_service
package_native_service
perfprofd_service
diff --git a/private/file_contexts b/private/file_contexts
index 7d1457a..992bdc3 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -384,6 +384,7 @@
/data/misc/logd(/.*)? u:object_r:misc_logd_file:s0
/data/misc/media(/.*)? u:object_r:media_data_file:s0
/data/misc/net(/.*)? u:object_r:net_data_file:s0
+/data/misc/network_watchlist(/.*)? u:object_r:network_watchlist_data_file:s0
/data/misc/recovery(/.*)? u:object_r:recovery_data_file:s0
/data/misc/shared_relro(/.*)? u:object_r:shared_relro_file:s0
/data/misc/sms(/.*)? u:object_r:radio_data_file:s0
diff --git a/private/system_server.te b/private/system_server.te
index 6fb6142..eff8e8f 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -381,6 +381,10 @@
allow system_server adb_keys_file:dir create_dir_perms;
allow system_server adb_keys_file:file create_file_perms;
+# Manage /data/misc/network_watchlist
+allow system_server network_watchlist_data_file:dir create_dir_perms;
+allow system_server network_watchlist_data_file:file create_file_perms;
+
# Manage /data/misc/sms.
# TODO: Split into a separate type?
allow system_server radio_data_file:dir create_dir_perms;
diff --git a/public/file.te b/public/file.te
index 81bb1f1..e3ffa34 100644
--- a/public/file.te
+++ b/public/file.te
@@ -234,6 +234,7 @@
type media_rw_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
type misc_user_data_file, file_type, data_file_type, core_data_file_type;
type net_data_file, file_type, data_file_type, core_data_file_type;
+type network_watchlist_data_file, file_type, data_file_type, core_data_file_type;
type nfc_data_file, file_type, data_file_type, core_data_file_type;
type radio_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
type recovery_data_file, file_type, data_file_type, core_data_file_type;
diff --git a/public/vendor_init.te b/public/vendor_init.te
index ace58ab..9aaa538 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -40,6 +40,7 @@
-incident_data_file
-keystore_data_file
-misc_logd_file
+ -network_watchlist_data_file
-nfc_data_file
-property_data_file
-radio_data_file
@@ -62,6 +63,7 @@
-incident_data_file
-keystore_data_file
-misc_logd_file
+ -network_watchlist_data_file
-nfc_data_file
-property_data_file
-radio_data_file
@@ -85,6 +87,7 @@
-incident_data_file
-keystore_data_file
-misc_logd_file
+ -network_watchlist_data_file
-nfc_data_file
-property_data_file
-radio_data_file
@@ -107,6 +110,7 @@
-incident_data_file
-keystore_data_file
-misc_logd_file
+ -network_watchlist_data_file
-nfc_data_file
-property_data_file
-radio_data_file
@@ -129,6 +133,7 @@
-incident_data_file
-keystore_data_file
-misc_logd_file
+ -network_watchlist_data_file
-nfc_data_file
-property_data_file
-radio_data_file