selinux: New rw privileges for themes
- New theme_data_file context for files under /data/system/theme
- Permit systemserver to create files/dirs under /data/resource-cache
- Permit systemserver to create files/dirs under /data/system/theme
Change-Id: Id597fc20b477ea395a8631623f26a7edde280799
diff --git a/sepolicy/file.te b/sepolicy/file.te
index 3a20199..ddf15b9 100644
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@@ -2,3 +2,6 @@
allow file_type rootfs:filesystem associate;
type auditd_log, file_type;
+
+# Themes
++type theme_data_file, file_type, data_file_type;
\ No newline at end of file
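Review bot: The added declaration appears as `++type theme_data_file, file_type, data_file_type;`, which would put a literal `+` in front of `type` in file.te unless the second `+` is an artifact of how this page was rendered. If it is real, the policy would most likely fail to compile, and the line should read `type theme_data_file, file_type, data_file_type;`. The hunk also leaves file.te without a trailing newline. Policy sources are typically concatenated before compilation, so ending the file with a newline keeps this declaration from running into whatever is appended after it.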
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index c179f1e..983f911 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -4,6 +4,9 @@
/system/bin/auditd u:object_r:logd_exec:s0
/data/misc/audit(/.*)? u:object_r:auditd_log:s0
+# Themes
+/data/system/theme(/.*)? u:object_r:theme_data_file:s0
+
/system/bin/sysinit u:object_r:sysinit_exec:s0
# For minivold in recovery
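Review bot: The `/data/system/theme(/.*)?` entry only takes effect when something applies the label, and nothing in the visible part of this commit does so: there is no type transition and no restorecon step. A directory that system_server creates under /data/system would normally inherit its parent's label, and one that already exists on an upgraded device keeps its current label. In either case the `theme_data_file` rules added in system.te may never match, and access would still be governed by the broader parent type. If labelling is handled elsewhere, say so next to the entry, e.g. `# labelled by restorecon in <init script placeholder>`; otherwise relabel the directory at boot or add a narrowly scoped transition.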
diff --git a/sepolicy/system.te b/sepolicy/system.te
index ca07e6f..b969f47 100644
--- a/sepolicy/system.te
+++ b/sepolicy/system.te
@@ -6,3 +6,9 @@
allow system_server dhcp_data_file:dir r_dir_perms;
allow system_server dhcp_data_file:file r_file_perms;
+
+# Themes
+allow system_server theme_data_file:dir create_dir_perms;
+allow system_server theme_data_file:file create_file_perms;
+allow system_server resourcecache_data_file:dir create_dir_perms;
+allow system_server resourcecache_data_file:file create_file_perms;
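Review bot: The two `resourcecache_data_file` rules give system_server create, write and unlink rights over /data/resource-cache, which is wider than the "rw" in the commit title suggests, and the hunk has no comment explaining why. Content in that directory is presumably loaded by other processes when they resolve resources, so the grant should be as narrow as the theme code actually needs. Check whether a smaller set than `create_dir_perms`/`create_file_perms` is enough. At minimum record the intent, e.g. `# Theme service writes per-theme resource caches here; readers: <domains placeholder>`. Nothing visible here grants any domain read access to `theme_data_file`, so confirm the consumers are covered elsewhere.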