make system_app_data_file shareable over binder
Apps should be able to share their private files over binder, including system_app. Bug: 188869889 Test: go to setting ==> system ==> multi-users ==> tap icon to change profile photo with camera Change-Id: I3dc732f727b9b697c9a73f6089392690109ae035 Merged-In: I3dc732f727b9b697c9a73f6089392690109ae035
This commit is contained in:
Adam Shih
parent
5528ab9e4d
commit
5603d9e8d1
2 changed files with 2 additions and 2 deletions
|
|
@ -70,7 +70,7 @@ allow { appdomain -isolated_app -mlstrustedsubject } { app_data_file privapp_dat
|
|||
allow { appdomain -isolated_app -mlstrustedsubject } { app_data_file privapp_data_file }:file create_file_perms;
|
||||
|
||||
# Access via already open fds is ok even for mlstrustedsubject.
|
||||
allow { appdomain -isolated_app } { app_data_file privapp_data_file }:file { getattr map read write };
|
||||
allow { appdomain -isolated_app } { app_data_file privapp_data_file system_app_data_file }:file { getattr map read write };
|
||||
|
||||
# Traverse into expanded storage
|
||||
allow appdomain mnt_expand_file:dir r_dir_perms;
|
||||
|
|
|
|||
|
|
@ -70,7 +70,7 @@ allow { appdomain -isolated_app -mlstrustedsubject } { app_data_file privapp_dat
|
|||
allow { appdomain -isolated_app -mlstrustedsubject } { app_data_file privapp_data_file }:file create_file_perms;
|
||||
|
||||
# Access via already open fds is ok even for mlstrustedsubject.
|
||||
allow { appdomain -isolated_app } { app_data_file privapp_data_file }:file { getattr map read write };
|
||||
allow { appdomain -isolated_app } { app_data_file privapp_data_file system_app_data_file }:file { getattr map read write };
|
||||
|
||||
# Traverse into expanded storage
|
||||
allow appdomain mnt_expand_file:dir r_dir_perms;
|
||||
|
|
|
|||
Loading…
Reference in a new issue