am 5f34265c: am a910a287: Remove untrusted_app access to tmp apk files

* commit '5f34265c5af472042c338780a39145661cca0e09':
  Remove untrusted_app access to tmp apk files
Jeff Vander Stoep 2015-10-19 19:09:37 +00:00 committed by Android Git Automerger
commit 5d7bd5849a
2 changed files with 4 additions and 4 deletions

4
app.te

@ -344,6 +344,10 @@ neverallow appdomain
dhcp_data_file:dir_file_class_set
{ create write setattr relabelfrom relabelto append unlink link rename };
# access tmp apk files
neverallow { appdomain -platform_app -priv_app }
{ apk_tmp_file apk_private_tmp_file }:dir_file_class_set *;
# Access to factory files.
neverallow appdomain efs_file:dir_file_class_set write;
neverallow { appdomain -shell } efs_file:dir_file_class_set read;
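Review bot: The new neverallow in app.te leaves platform_app and priv_app entirely unconstrained on apk_tmp_file and apk_private_tmp_file, whereas the allow rules this commit removes from untrusted_app granted only `r_dir_perms` and `r_file_perms`. If the exempted domains are also meant to only read staged apks (an assumption, since their allow rules are not visible here), a companion rule in the style of the dhcp_data_file one just above would pin that at build time: `neverallow appdomain { apk_tmp_file apk_private_tmp_file }:dir_file_class_set { create write setattr relabelfrom relabelto append unlink link rename };`. The comment `# access tmp apk files` also does not say why the two domains are subtracted; judging by the removed comment "Allow verifier to access staged apks", something like `# Only platform and privileged apps (e.g. package verifiers) may access staged apks.` would record the intent.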


@ -80,10 +80,6 @@ allow untrusted_app radio_service:service_manager find;
allow untrusted_app surfaceflinger_service:service_manager find;
allow untrusted_app app_api_service:service_manager find;
# Allow verifier to access staged apks.
allow untrusted_app { apk_tmp_file apk_private_tmp_file }:dir r_dir_perms;
allow untrusted_app { apk_tmp_file apk_private_tmp_file }:file r_file_perms;
# only allow unprivileged socket ioctl commands
allow untrusted_app self:{ rawip_socket tcp_socket udp_socket } unpriv_sock_ioctls;