tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Revert "Remove app access to qtaguid ctrl/stats file"" am: 2904db67fb am: 178be15190

Browse source 
am: 8f17032d5d

Change-Id: I5c12f3f6a42c4d9de9870ad58b56b3d755a01133
This commit is contained in:
Chenbo Feng 2018-02-07 03:53:06 +00:00 committed by android-build-merger
commit 6f4adc57ba
1 changed files with 8 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
public/app.te
View file

@ -169,7 +169,15 @@ userdebug_or_eng(`
allow appdomain heapdump_data_file:file append;
')
# Write to /proc/net/xt_qtaguid/ctrl file.
allow appdomain qtaguid_proc:file rw_file_perms;
r_dir_file({ appdomain -ephemeral_app -isolated_app }, proc_net)
# read /proc/net/xt_qtguid/*stat* to per-app network data usage.
# Exclude isolated app which may not use network sockets.
r_dir_file({ appdomain -isolated_app }, proc_qtaguid_stat)
# Everybody can read the xt_qtaguid resource tracking misc dev.
# So allow all apps to read from /dev/xt_qtaguid.
allow { appdomain -isolated_app } qtaguid_device:chr_file r_file_perms;
# Grant GPU access to all processes started by Zygote.
# They need that to render the standard UI.
@ -542,8 +550,3 @@ neverallow appdomain proc_uid_concurrent_policy_time:file *;
# Apps cannot access proc_uid_cpupower
neverallow appdomain proc_uid_cpupower:file *;
# Apps cannot access proc/net/xt_qtaguid/ files anymore since P.
neverallow { appdomain -shell } qtaguid_proc:file rw_file_perms;
neverallow { appdomain -shell } proc_qtaguid_stat:{ file lnk_file } r_file_perms;
neverallow { appdomain -shell } qtaguid_device:chr_file r_file_perms;