authorStephen Smalley <sds@tycho.nsa.gov>2014-05-12 11:18:21 -0400
committerStephen Smalley <sds@tycho.nsa.gov>2014-05-12 11:31:09 -0400
commitbaf49bd541a9df4f38bf917fbfc850569a4cae94 (patch)
treed54fc49bf0f11e938ad3dd5dcc61b7e82268c975 /installd.te
parent41e14c7f9da5bdf07e2ac7a323c0fddab8a090a0 (diff)
Label /data/.layout_version with its own type.
installd creates /data/.layout_version. Introduce a separate type for this file (and any other file created by installd under a directory labeled system_data_file) so that we can allow create/write access by installd without allowing it to any system data files created by other processes. This prevents installd from overwriting other system data files, and ensures that any files it creates will require explicit rules in order to access. Change-Id: Id04e49cd571390d18792949c8b2b13b1ac59c016 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Diffstat (limited to 'installd.te')
-rw-r--r--installd.te7
1 files changed, 4 insertions, 3 deletions
diff --git a/installd.te b/installd.te
index 8f332b2..cabebc6 100644
--- a/installd.te
+++ b/installd.te
@@ -31,7 +31,8 @@ allow installd system_data_file:dir relabelfrom;
allow installd media_rw_data_file:dir relabelto;
# Create /data/.layout_version.* file
-allow installd system_data_file:file create_file_perms;
+type_transition installd system_data_file:file install_data_file;
+allow installd install_data_file:file create_file_perms;
# Create files under /data/dalvik-cache.
allow installd dalvikcache_data_file:dir create_dir_perms;
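Review bot: The type_transition on the new side only labels files installd creates from now on; a /data/.layout_version.* left over from an earlier build keeps its system_data_file label, and since this hunk drops create_file_perms on system_data_file:file, installd loses write access to that existing file unless another rule grants it. Whether the upgrade path is covered depends on a file_contexts entry for install_data_file plus a relabel step, or on installd unlinking and recreating the file; none of that is visible in a diff limited to installd.te, and the `type install_data_file` declaration must likewise be in another file of this commit. The comment above the rule still describes only the creation case, so `# Files installd creates directly under a system_data_file directory are labeled install_data_file.` would document the transition's actual scope. The write/add_name permission on the system_data_file directory that the transition also requires is presumably granted by the earlier rule the header context points at.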
@@ -49,9 +50,9 @@ allow installd unlabeled:dir { getattr search relabelfrom };
allow installd unlabeled:notdevfile_class_set { getattr relabelfrom };
# Upgrade from before system_app_data_file was used for system UID apps.
-# Just need enough to relabel it.
+# Just need enough to relabel it and to unlink removed package files.
# Directory access covered by earlier rule above.
-allow installd system_data_file:notdevfile_class_set { getattr relabelfrom };
+allow installd system_data_file:notdevfile_class_set { getattr relabelfrom unlink };
# Manage /data/data subdirectories, including initially labeling them
# upon creation via setfilecon or running restorecon_recursive,
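Review bot: The added `unlink` applies to every object class in notdevfile_class_set (file, lnk_file, sock_file, fifo_file) carrying system_data_file, not just removed package files, so installd can still delete any other process's system data files even though the commit message says it can no longer overwrite them. That trade-off deserves to be stated where the rule is, since the surrounding comment frames the rule as an upgrade-only relabel path. Splitting it out keeps the upgrade rule minimal and the intent explicit: `# Remove leftover files of uninstalled packages that are still labeled system_data_file; this covers all system_data_file objects, not only package files.` followed by `allow installd system_data_file:notdevfile_class_set unlink;`. Removing an entry also needs remove_name on the parent directory, which I assume the "earlier rule above" already provides.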