allow untrusted_app read /data/anr/traces.txt
The GMS core feedback agent runs as untrusted_app, and needs
the ability to read /data/anr/traces.txt to report ANR information.
Allow all untrusted_apps to read /data/anr/traces.txt so that GMS core
can access it.
Longer term, we need to move GMS core into its own domain, but that's
a longer term change.
Addresses the following denial:
W/ndroid.feedback(17825): type=1400 audit(0.0:68004): avc: denied { read } for name="traces.txt" dev="mmcblk0p28" ino=325762 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:anr_data_file:s0 tclass=file
(cherrypick from commit e2547c3bff)
Bug: 18504118
Bug: 18340553
Change-Id: I8b472b6ab7dfe2a73154033e0a088b8e26396fa8
parent
8be3e77986
commit
1aafc4c7d3
1 changed files with 8 additions and 0 deletions
|
@ -47,6 +47,14 @@ create_pty(untrusted_app)
|
|||
allow untrusted_app shell_data_file:file r_file_perms;
|
||||
allow untrusted_app shell_data_file:dir r_dir_perms;
|
||||
|
||||
# b/18504118: Allow reads from /data/anr/traces.txt
|
||||
# TODO: We shouldn't be allowing all untrusted_apps to read
|
||||
# this file. This is only needed for the GMS feedback agent.
|
||||
# See also b/18340553. GMS runs as untrusted_app, and
|
||||
# it's too late to change the domain it runs in.
|
||||
# This line needs to be deleted.
|
||||
allow untrusted_app anr_data_file:file r_file_perms;
|
||||
|
||||
# Read and write system app data files passed over Binder.
|
||||
# Motivating case was /data/data/com.android.settings/cache/*.jpg for
|
||||
# cropping or taking user photos.
|
||||
|
|
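Review bot: The added `allow untrusted_app anr_data_file:file r_file_perms;` line is broader than the denial it addresses in two ways. The logged AVC shows only `{ read }` on `traces.txt`, while the rule grants the whole `r_file_perms` set, and it grants it to every process in the `untrusted_app` domain although the comment says only the GMS feedback agent needs it. If the domain cannot be narrowed in this change, consider granting only the permissions the agent is shown to need. The TODO should also state the removal condition explicitly (GMS core moved to its own domain, b/18340553) rather than just "This line needs to be deleted", so the rule has a tracked exit and is not left behind once that work lands.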