selinux: New rw privileges for themes

- New theme_data_file context for files under /data/system/theme
- Permit systemserver to create files/dirs under /data/resource-cache
- Permit systemserver to create files/dirs under /data/system/theme

Change-Id: Id597fc20b477ea395a8631623f26a7edde280799
This commit is contained in:
Andy Mast 2014-12-16 11:05:54 -08:00
parent 96ff95e52a
commit f274019100
3 changed files with 12 additions and 0 deletions

View File

@ -2,3 +2,6 @@
allow file_type rootfs:filesystem associate; allow file_type rootfs:filesystem associate;
type auditd_log, file_type; type auditd_log, file_type;
# Themes
+type theme_data_file, file_type, data_file_type;

View File

@ -4,6 +4,9 @@
/system/bin/auditd u:object_r:logd_exec:s0 /system/bin/auditd u:object_r:logd_exec:s0
/data/misc/audit(/.*)? u:object_r:auditd_log:s0 /data/misc/audit(/.*)? u:object_r:auditd_log:s0
# Themes
/data/system/theme(/.*)? u:object_r:theme_data_file:s0
/system/bin/sysinit u:object_r:sysinit_exec:s0 /system/bin/sysinit u:object_r:sysinit_exec:s0
# For minivold in recovery # For minivold in recovery

View File

@ -6,3 +6,9 @@ allow system_server adbtcp_prop:property_service set;
allow system_server dhcp_data_file:dir r_dir_perms; allow system_server dhcp_data_file:dir r_dir_perms;
allow system_server dhcp_data_file:file r_file_perms; allow system_server dhcp_data_file:file r_file_perms;
# Themes
allow system_server theme_data_file:dir create_dir_perms;
allow system_server theme_data_file:file create_file_perms;
allow system_server resourcecache_data_file:dir create_dir_perms;
allow system_server resourcecache_data_file:file create_file_perms;