Fix compile time / CTS gps_data_files neverallow assertion

Currently, zygote spawned apps are prohibited from modifying GPS data files. If someone tries to allow GPS access to any app domain, it generates a compile time / CTS exception. Relax the rules slightly for system_app. These apps run with UID=system, and shouldn't be banned from handling gps data files. This change doesn't add or remove any SELinux rules. Rather, it just relaxes a compile time assertion, allow partners to create SELinux rules allowing the access if they desire. Bug: 18021422 Change-Id: Iad0c6a3627efe129246e2c817f6f71d2735eba93
2014-10-16 15:00:19 -07:00 · 2014-10-16 15:00:19 -07:00 · 480374e4d0
commit 480374e4d0
parent 51bfecf49d
1 changed files with 2 additions and 1 deletions
--- a/app.te
+++ b/app.te
@ -298,7 +298,8 @@ neverallow { appdomain -system_app }
 # Write to various other parts of /data.
 neverallow appdomain drm_data_file:dir_file_class_set
    { create write setattr relabelfrom relabelto append unlink link rename };
-neverallow appdomain gps_data_file:dir_file_class_set
+neverallow { appdomain -system_app }
+    gps_data_file:dir_file_class_set
    { create write setattr relabelfrom relabelto append unlink link rename };
 neverallow { appdomain -platform_app }
    apk_data_file:dir_file_class_set