commit 605715d66569d23ca533dfa896530dd0f5afe8d0
author Treehugger Robot <treehugger-gerrit@google.com> Thu Feb 10 11:44:11 2022 +0000
committer Gerrit Code Review <noreply-gerritcodereview@google.com> Thu Feb 10 11:44:11 2022 +0000
tree f17f2567dc2fa8c558ea7f19570ef7be9f359ae8
parent 7f1eaf1b458975d8c28903880e30d3af1ecffd2b
parent 53c76a25bbf9266178b61d157c7f4f9efb6b36d5

Merge "Support legacy apexdata labels"

private/file.te

diff --git a/private/file.te b/private/file.te
index 5b6170f..759fede 100644
--- a/private/file.te
+++ b/private/file.te
@@ -54,6 +54,13 @@
 # /data/misc/apexdata/com.android.compos
 type apex_compos_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type;
 
+# legacy labels for various /data/misc[_ce|_de]/*/apexdata directories - retained
+# for backward compatibility b/217581286
+type apex_appsearch_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type;
+type apex_permission_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type;
+type apex_scheduling_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type;
+type apex_wifi_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type;
+
 # /data/font/files
 type font_data_file, file_type, data_file_type, core_data_file_type;
 

private/system_server.te

diff --git a/private/system_server.te b/private/system_server.te
index 9de6cae..6dd483d 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -1331,6 +1331,19 @@
 # These are modules where the code runs in system_server, so we need full access.
 allow system_server apex_system_server_data_file:dir create_dir_perms;
 allow system_server apex_system_server_data_file:file create_file_perms;
+# Legacy labels that we still need to support (b/217581286)
+allow system_server {
+  apex_appsearch_data_file
+  apex_permission_data_file
+  apex_scheduling_data_file
+  apex_wifi_data_file
+}:dir create_dir_perms;
+allow system_server {
+  apex_appsearch_data_file
+  apex_permission_data_file
+  apex_scheduling_data_file
+  apex_wifi_data_file
+}:file create_file_perms;
 
 # Allow PasswordSlotManager rw access to /metadata/password_slots, so GSIs and the host image can
 # communicate which slots are available for use.

private/vold_prepare_subdirs.te

diff --git a/private/vold_prepare_subdirs.te b/private/vold_prepare_subdirs.te
index c6d482a..e4004e4 100644
--- a/private/vold_prepare_subdirs.te
+++ b/private/vold_prepare_subdirs.te
@@ -48,6 +48,15 @@
 allow vold_prepare_subdirs mnt_expand_file:dir search;
 allow vold_prepare_subdirs user_profile_data_file:dir { search getattr relabelfrom };
 allow vold_prepare_subdirs user_profile_root_file:dir { search getattr relabelfrom relabelto };
+
+# Migrate legacy labels to apex_system_server_data_file (b/217581286)
+allow vold_prepare_subdirs {
+  apex_appsearch_data_file
+  apex_permission_data_file
+  apex_scheduling_data_file
+  apex_wifi_data_file
+}:dir relabelfrom;
+
 # /data/misc is unlabeled during early boot.
 allow vold_prepare_subdirs unlabeled:dir search;