Merge "make system_app_data_file shareable over binder"

2021-06-16 01:26:50 +00:00 · 2021-06-16 01:26:50 +00:00 · 7216b3aa00
commit 7216b3aa00
parent 737b098a71 ff7ba7e301
1 changed files with 1 additions and 1 deletions
--- a/public/app.te
+++ b/public/app.te
@ -70,7 +70,7 @@ allow { appdomain -isolated_app -mlstrustedsubject } { app_data_file privapp_dat
 allow { appdomain -isolated_app -mlstrustedsubject } { app_data_file privapp_data_file }:file create_file_perms;

 # Access via already open fds is ok even for mlstrustedsubject.
-allow { appdomain -isolated_app } { app_data_file privapp_data_file }:file { getattr map read write };
+allow { appdomain -isolated_app } { app_data_file privapp_data_file system_app_data_file }:file { getattr map read write };

 # Traverse into expanded storage
 allow appdomain mnt_expand_file:dir r_dir_perms;