move untrusted_app statement to the correct file.
Change-Id: I5ae9606023ef7f3489f44e6657766e922160c470
This commit is contained in:
Nick Kralevich
parent
ee66ba8c40
commit
8be3e77986
2 changed files with 5 additions and 5 deletions
5
app.te
5
app.te
|
|
@ -119,11 +119,6 @@ allow appdomain media_rw_data_file:file { read getattr };
|
|||
# Read and write /data/data/com.android.providers.telephony files passed over Binder.
|
||||
allow appdomain radio_data_file:file { read write getattr };
|
||||
|
||||
# Read and write system app data files passed over Binder.
|
||||
# Motivating case was /data/data/com.android.settings/cache/*.jpg for
|
||||
# cropping or taking user photos.
|
||||
allow untrusted_app system_app_data_file:file { read write getattr };
|
||||
|
||||
# Access SDcard via the fuse mount.
|
||||
allow appdomain fuse:dir create_dir_perms;
|
||||
allow appdomain fuse:file create_file_perms;
|
||||
|
|
|
|||
|
|
@ -47,6 +47,11 @@ create_pty(untrusted_app)
|
|||
allow untrusted_app shell_data_file:file r_file_perms;
|
||||
allow untrusted_app shell_data_file:dir r_dir_perms;
|
||||
|
||||
# Read and write system app data files passed over Binder.
|
||||
# Motivating case was /data/data/com.android.settings/cache/*.jpg for
|
||||
# cropping or taking user photos.
|
||||
allow untrusted_app system_app_data_file:file { read write getattr };
|
||||
|
||||
#
|
||||
# Rules migrated from old app domains coalesced into untrusted_app.
|
||||
# This includes what used to be media_app, shared_app, and release_app.
|
||||
|
|
|
|||
Loading…
Reference in a new issue