tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Grant untrusted_app dir access to asec_apk_file.

Browse source 
untrusted_app lost all of the domain_deprecated permissions in N,
including the ability to read asec_apk_file dirs.  This is used for
forward locked apps.

Addresses the following denials:
avc: denied { search } for name="asec" dev="tmpfs" ino=9298 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:asec_apk_file:s0 tclass=dir permissive=0
avc: denied { getattr } for path="/mnt/asec" dev="tmpfs" ino=9298 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:asec_apk_file:s0 tclass=dir permissive=0

(cherry-pick of internal commit: addd3c9fba)

Bug: 30082229
Change-Id: I87758f1daee19197d9299bca261f0324e01af5e0
This commit is contained in:
dcashman 2016-07-15 09:23:44 -07:00
parent 87f2ca2d43
commit 83348b0b94
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
untrusted_app.te
View file

@ -31,6 +31,7 @@ allow untrusted_app app_data_file:file { rx_file_perms execmod };
# ASEC
allow untrusted_app asec_apk_file:file r_file_perms;
allow untrusted_app asec_apk_file:dir r_dir_perms;
# Execute libs in asec containers.
allow untrusted_app asec_public_file:file { execute execmod };