authorStephen Smalley <sds@tycho.nsa.gov>2014-03-12 13:31:14 -0400
committerSteve Kondik <shade@chemlab.org>2014-03-20 23:51:03 -0700
commit5da6b8a8c10a57dc4e4d977e4b126d3d2f92eef3 (patch)
treef89aa7310dfc90df59b8c22a76106a5b0d89831c
parent4dd119958afbb8947bfb338cad6ed4b1e7ef8c2d (diff)
Get rid of separate platform_app_data_file type.
The original concept was to allow separation between /data/data/<pkgdir> files of "platform" apps (signed by one of the four build keys) and untrusted apps. But we had to allow read/write to support passing of open files via Binder or local socket for compatibility, and it seems that direct open by pathname is in fact used in Android as well, only passing the pathname via Binder or local socket. So there is no real benefit to keeping it as a separate type. Retain a type alias for platform_app_data_file to app_data_file until restorecon /data/data support is in place to provide compatibility. Change-Id: Ic15066f48765322ad40500b2ba2801bb3ced5489 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
-rw-r--r--app.te4
-rw-r--r--file.te3
-rw-r--r--installd.te1
-rw-r--r--media_app.te1
-rw-r--r--seapp_contexts10
5 files changed, 8 insertions, 11 deletions
diff --git a/app.te b/app.te
index d90185c..8c4b2a3 100644
--- a/app.te
+++ b/app.te
@@ -32,10 +32,6 @@ binder_call(appdomain, surfaceflinger)
allow appdomain app_data_file:dir create_dir_perms;
allow appdomain app_data_file:notdevfile_class_set create_file_perms;
-# Read/write data files created by the platform apps if they
-# were passed to the app via binder or local IPC. Do not allow open.
-allow appdomain platform_app_data_file:file { getattr read write };
-
# lib subdirectory of /data/data dir is system-owned.
allow appdomain system_data_file:dir r_dir_perms;
allow appdomain system_data_file:file { execute open };
diff --git a/file.te b/file.te
index 69e5c82..c901ec7 100644
--- a/file.te
+++ b/file.te
@@ -58,7 +58,8 @@ type camera_calibration_file, file_type, data_file_type;
type adb_keys_file, file_type, data_file_type;
# /data/data subdirectories - app sandboxes
type app_data_file, file_type, data_file_type;
-type platform_app_data_file, file_type, data_file_type, mlstrustedobject;
+# Compatibility with type name used in Android 4.3 and 4.4.
+typealias app_data_file alias platform_app_data_file;
# Default type for anything under /cache
type cache_file, file_type, mlstrustedobject;
# Type for /cache/.*\.{data|restore} and default
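Review bot: The typealias on line 46 quietly drops the mlstrustedobject attribute that the removed platform_app_data_file declaration carried, because an alias takes on the attributes of app_data_file, which is declared without it on line 43. If any MLS-enabled configuration relied on platform app data files being trusted objects, that is a behaviour change the comment should state rather than leave implicit. The comment also omits the removal condition the description gives; I would write `# Compatibility with type name used in Android 4.3 and 4.4.` followed by `# Drops mlstrustedobject; remove once restorecon of /data/data is supported.`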
diff --git a/installd.te b/installd.te
index 1d3ef0a..1151155 100644
--- a/installd.te
+++ b/installd.te
@@ -24,7 +24,6 @@ selinux_check_context(installd)
# Read /seapp_contexts and /data/security/seapp_contexts
security_access_policy(installd)
# ASEC
-allow installd platform_app_data_file:lnk_file { create setattr rename relabelto };
allow installd app_data_file:lnk_file { create setattr };
allow installd asec_apk_file:file r_file_perms;
allow installd bluetooth_data_file:lnk_file { create setattr };
diff --git a/media_app.te b/media_app.te
index f0f987f..44d5885 100644
--- a/media_app.te
+++ b/media_app.te
@@ -10,4 +10,5 @@ platform_app_domain(media_app)
net_domain(media_app)
unconfined_domain(media_app)
relabelto_domain(media_app)
+allow media_app app_data_file:dir relabelfrom;
allow media_app download_file:dir relabelto;
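Review bot: The new rule on line 70 has no comment saying why media_app needs relabelfrom on app data directories, and unlike the surrounding macro calls it is a raw allow; I would add `# Needed to relabel its own app data dirs to download_file (relabelto below).` above it, assuming that pairing with line 71 is the intent. With the type merge, app_data_file now covers every app's sandbox rather than only former platform_app_data_file directories, so this grant is wider than the rule it presumably replaces; since media_app is unconfined_domain on line 68 the practical effect is likely nil today, but it will matter once unconfined is withdrawn, so worth confirming DAC ownership is the intended remaining constraint.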
diff --git a/seapp_contexts b/seapp_contexts
index 41d3dd8..8904fe1 100644
--- a/seapp_contexts
+++ b/seapp_contexts
@@ -37,10 +37,10 @@ user=system domain=system_app type=system_data_file
user=bluetooth domain=bluetooth type=bluetooth_data_file
user=nfc domain=nfc type=nfc_data_file
user=radio domain=radio type=radio_data_file
-user=_app domain=untrusted_app type=app_data_file levelFrom=none
-user=_app seinfo=platform domain=platform_app type=platform_app_data_file
-user=_app seinfo=shared domain=shared_app type=platform_app_data_file
-user=_app seinfo=media domain=media_app type=platform_app_data_file
-user=_app seinfo=release domain=release_app type=platform_app_data_file
+user=_app domain=untrusted_app type=app_data_file
+user=_app seinfo=platform domain=platform_app type=app_data_file
+user=_app seinfo=shared domain=shared_app type=app_data_file
+user=_app seinfo=media domain=media_app type=app_data_file
+user=_app seinfo=release domain=release_app type=app_data_file
user=_isolated domain=isolated_app
user=shell domain=shell type=shell_data_file
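Review bot: The untrusted_app entry on line 85 also drops `levelFrom=none`, a change the commit description does not mention. If none is the default for levelFrom this is a harmless cleanup, but otherwise it alters the MLS level assigned to untrusted app data, which is a separate concern from the type rename this commit is about. Either restore the line as `user=_app domain=untrusted_app type=app_data_file levelFrom=none` or add a sentence to the description stating that the attribute was removed and why.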