Allow installd to move APKs.
As an optimization, installd is now moving previously-installed applications between attached storage volumes. This is effectively copying to the new location, then deleting the old location. Since OAT files can now live under /data/app directories, we also need the ability to relabel those files. avc: denied { create } for name="base.apk" scontext=u:r:installd:s0 tcontext=u:object_r:apk_data_file:s0 tclass=file permissive=1 avc: denied { write } for path="/data/app/com.example.playground-2/base.apk" dev="mmcblk0p16" ino=40570 scontext=u:r:installd:s0 tcontext=u:object_r:apk_data_file:s0 tclass=file permissive=1 avc: denied { setattr } for name="base.apk" dev="mmcblk0p16" ino=40570 scontext=u:r:installd:s0 tcontext=u:object_r:apk_data_file:s0 tclass=file permissive=1 avc: denied { relabelfrom } for name="base.odex" dev="mmcblk0p16" ino=40574 scontext=u:r:installd:s0 tcontext=u:object_r:apk_data_file:s0 tclass=file permissive=1 avc: denied { relabelto } for name="base.odex" dev="mmcblk0p16" ino=40574 scontext=u:r:installd:s0 tcontext=u:object_r:dalvikcache_data_file:s0 tclass=file permissive=1 Bug: 19993667, 20275578 Change-Id: I52bb29ed9f57b3216657eb757d78b06eeaf53458
This commit is contained in:
parent
f7163597f5
commit
8f821db783
1 changed files with 7 additions and 1 deletions
|
@ -5,10 +5,16 @@ type installd_exec, exec_type, file_type;
|
||||||
init_daemon_domain(installd)
|
init_daemon_domain(installd)
|
||||||
typeattribute installd mlstrustedsubject;
|
typeattribute installd mlstrustedsubject;
|
||||||
allow installd self:capability { chown dac_override fowner fsetid setgid setuid };
|
allow installd self:capability { chown dac_override fowner fsetid setgid setuid };
|
||||||
allow installd apk_data_file:file { rename unlink };
|
|
||||||
|
# Allow labeling of files under /data/app/com.example/oat/
|
||||||
allow installd dalvikcache_data_file:dir relabelto;
|
allow installd dalvikcache_data_file:dir relabelto;
|
||||||
|
allow installd dalvikcache_data_file:file relabelto;
|
||||||
|
|
||||||
|
# Allow movement of APK files between volumes
|
||||||
allow installd apk_data_file:dir { create_dir_perms relabelfrom };
|
allow installd apk_data_file:dir { create_dir_perms relabelfrom };
|
||||||
|
allow installd apk_data_file:file { create_file_perms relabelfrom };
|
||||||
allow installd apk_data_file:lnk_file { create read unlink };
|
allow installd apk_data_file:lnk_file { create read unlink };
|
||||||
|
|
||||||
allow installd asec_apk_file:file r_file_perms;
|
allow installd asec_apk_file:file r_file_perms;
|
||||||
allow installd apk_tmp_file:file { r_file_perms unlink };
|
allow installd apk_tmp_file:file { r_file_perms unlink };
|
||||||
allow installd apk_tmp_file:dir { relabelfrom create_dir_perms };
|
allow installd apk_tmp_file:dir { relabelfrom create_dir_perms };
|
||||||
|
|
Loading…
Reference in a new issue