Fix denials encountered while getting bugreports.

Bug: 10498304 Change-Id: I312665a2cd09fa16ae3f3978aebdb0da99cf1f74
2013-08-30 13:02:30 -07:00 · 2013-08-30 13:02:30 -07:00 · 81560733a4
commit 81560733a4
parent 765e95f99f
3 changed files with 4 additions and 4 deletions
--- a/app.te
+++ b/app.te
@ -76,8 +76,8 @@ allow appdomain isolated_app:unix_stream_socket { read write };

 # Backup ability for every app. BMS opens and passes the fd
 # to any app that has backup ability. Hence, no open permissions here.
-allow appdomain backup_data_file:file { read write };
-allow appdomain  cache_backup_file:file { read write };
+allow appdomain backup_data_file:file { read write getattr };
+allow appdomain cache_backup_file:file { read write getattr };
 # Backup ability using 'adb backup'
 allow appdomain system_data_file:lnk_file getattr;

--- a/domain.te
+++ b/domain.te
@ -81,7 +81,7 @@ allow domain system_data_file:file { getattr read };
 allow domain system_data_file:lnk_file read;

 # Read apk files under /data/app.
-allow domain apk_data_file:dir search;
+allow domain apk_data_file:dir { getattr search };
 allow domain apk_data_file:file r_file_perms;

 # Read /data/dalvik-cache.
--- a/zygote.te
+++ b/zygote.te
@ -12,7 +12,7 @@ allow zygote self:capability setpcap;
 allow zygote system:process dyntransition;
 allow zygote appdomain:process dyntransition;
 # Allow zygote to read app data dirs (b/10455872)
-allow zygote appdomain:dir search;
+allow zygote appdomain:dir { getattr search };
 allow zygote appdomain:file { r_file_perms };
 # Move children into the peer process group.
 allow zygote system:process { getpgid setpgid };