tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add new domains for private apps.

Browse source 
/data/app-private is used when making an
app purchase or forward locking. Provide a
new label for the directory as well as the
tmp files that appear under it.

Change-Id: I910cd1aa63538253e10a8d80268212ad9fc9fca5
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
This commit is contained in:
Robert Craig 2013-04-03 14:21:46 -04:00 committed by Gerrit Code Review
parent 0bca1578b7
commit 8bb308016f
4 changed files with 11 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
app.te
View file

@ -20,8 +20,10 @@ allow platform_app cache_file:file create_file_perms;
allow platform_app shell_data_file:dir search;
allow platform_app shell_data_file:file { open getattr read };
allow platform_app shell_data_file:lnk_file read;
# Populate /data/app/vmdl*.tmp file created by system server.
allow platform_app apk_tmp_file:file rw_file_perms;
# Populate /data/app/vmdl*.tmp, /data/app-private/vmdl*.tmp files
# created by system server.
allow platform_app { apk_tmp_file apk_private_tmp_file }:file rw_file_perms;
allow platform_app apk_private_data_file:dir search;
# ASEC
allow platform_app asec_apk_file:dir create_dir_perms;
allow platform_app asec_apk_file:file create_file_perms;

3
file.te
View file

@ -36,6 +36,9 @@ type tombstone_data_file, file_type, data_file_type;
# /data/app - user-installed apps
type apk_data_file, file_type, data_file_type;
type apk_tmp_file, file_type, data_file_type, mlstrustedobject;
# /data/app-private - forward-locked apps
type apk_private_data_file, file_type, data_file_type;
type apk_private_tmp_file, file_type, data_file_type, mlstrustedobject;
# /data/dalvik-cache
type dalvikcache_data_file, file_type, data_file_type;
# /data/local - writable by shell

2
file_contexts
View file

@ -159,6 +159,8 @@
/data/anr(/.*)? u:object_r:anr_data_file:s0
/data/app(/.*)? u:object_r:apk_data_file:s0
/data/app/vmdl.*\.tmp u:object_r:apk_tmp_file:s0
/data/app-private(/.*)? u:object_r:apk_private_data_file:s0
/data/app-private/vmdl.*\.tmp u:object_r:apk_private_tmp_file:s0
/data/tombstones(/.*)? u:object_r:tombstone_data_file:s0
/data/local/tmp(/.*)? u:object_r:shell_data_file:s0
# Misc data

4
system.te
View file

@ -151,8 +151,8 @@ allow system data_file_type:notdevfile_class_set create_file_perms;
allow system rootfs:file r_file_perms;
# Relabel apk files.
allow system apk_tmp_file:file { relabelfrom relabelto };
allow system apk_data_file:file { relabelfrom relabelto };
allow system { apk_tmp_file apk_private_tmp_file }:file { relabelfrom relabelto };
allow system { apk_data_file apk_private_data_file }:file { relabelfrom relabelto };
# Relabel wallpaper.
allow system system_data_file:file relabelfrom;