tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Allow system server to open profiles

Browse source 
Allow system_server to open profile snapshots for read.
System server never reads the actual content. It passes the descriptor to
to privileged apps which acquire the permissions to inspect the profiles.

Test: installd_dexopt_test
Bug: 30934496
Change-Id: I1d1f07a05261af25f6640040af1500c9a4d5b8d5
This commit is contained in:
Calin Juravle 2017-11-22 00:09:25 -08:00
parent 4081fd3993
commit 15da30b6ff
1 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
private/system_server.te
View file

@ -720,6 +720,13 @@ with_asan(`
allow system_server zygote_exec:file rx_file_perms;
')
# ART Profiles.
# Allow system_server to open profile snapshots for read.
# System server never reads the actual content. It passes the descriptor to
# to privileged apps which acquire the permissions to inspect the profiles.
allow system_server user_profile_data_file:dir { search };
allow system_server user_profile_data_file:file { open read };
###
### Neverallow rules
###