tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Adding ability for priv apps to read traceur fd"

Browse source
This commit is contained in:
Max Bires 2018-03-14 20:31:26 +00:00 committed by Gerrit Code Review
commit 8966b8e53d
1 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
private/priv_app.te
View file

@ -58,6 +58,9 @@ allow priv_app media_rw_data_file:file create_file_perms;
allow priv_app shell_data_file:file r_file_perms;
allow priv_app shell_data_file:dir r_dir_perms;
# Allow traceur to pass file descriptors through a content provider to betterbug
allow priv_app trace_data_file:file { getattr read };
# Allow verifier to access staged apks.
allow priv_app { apk_tmp_file apk_private_tmp_file }:dir r_dir_perms;
allow priv_app { apk_tmp_file apk_private_tmp_file }:file r_file_perms;
@ -191,3 +194,8 @@ neverallow priv_app mlstrustedsubject:process fork;
# bugs, so we want to ensure priv_app never has this
# capability.
neverallow priv_app file_type:file link;
# priv apps should not be able to open trace data files, they should depend
# upon traceur to pass a file descriptor which they can then read
neverallow priv_app trace_data_file:dir *;
neverallow priv_app trace_data_file:file { no_w_file_perms open };