Merge "make system_app_data_file shareable over binder" am: 7216b3aa00

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1736243

Change-Id: Ic055764f86525b82d85a5d6524a2c4e2ba558361
This commit is contained in:
Adam Shih 2021-06-16 01:49:31 +00:00 committed by Automerger Merge Worker
commit 5c90c86b4f

View file

@ -70,7 +70,7 @@ allow { appdomain -isolated_app -mlstrustedsubject } { app_data_file privapp_dat
allow { appdomain -isolated_app -mlstrustedsubject } { app_data_file privapp_data_file }:file create_file_perms;
# Access via already open fds is ok even for mlstrustedsubject.
allow { appdomain -isolated_app } { app_data_file privapp_data_file }:file { getattr map read write };
allow { appdomain -isolated_app } { app_data_file privapp_data_file system_app_data_file }:file { getattr map read write };
# Traverse into expanded storage
allow appdomain mnt_expand_file:dir r_dir_perms;