Add downloaded file policy.
Change-Id: I6f68323cddcf9e13b2a730b8d6b8730587fb4366
This commit is contained in:
Geremy Condra
repo sync
parent
d381b97e13
commit
bfb26e7b07
3 changed files with 15 additions and 0 deletions
11
app.te
11
app.te
|
|
@ -27,6 +27,7 @@ allow platform_app apk_private_data_file:dir search;
|
|||
# ASEC
|
||||
allow platform_app asec_apk_file:dir create_dir_perms;
|
||||
allow platform_app asec_apk_file:file create_file_perms;
|
||||
allow platform_app download_file:file rw_file_perms;
|
||||
|
||||
# Apps signed with the media key.
|
||||
type media_app, domain;
|
||||
|
|
@ -45,6 +46,11 @@ allow media_app unlabeled:dir getattr;
|
|||
# Stat /cache/backup
|
||||
allow media_app cache_backup_file:file getattr;
|
||||
allow media_app cache_backup_file:dir getattr;
|
||||
# Read files in the rootdir
|
||||
allow media_app rootfs:file r_file_perms;
|
||||
# Allow platform apps to mark platform app data files as download files
|
||||
allow media_app platform_app_data_file:dir relabelfrom;
|
||||
allow media_app download_file:dir relabelto;
|
||||
|
||||
# Apps signed with the shared key.
|
||||
type shared_app, domain;
|
||||
|
|
@ -83,6 +89,7 @@ allow platformappdomain platform_app_data_file:notdevfile_class_set create_file_
|
|||
allow platformappdomain sdcard_type:dir create_dir_perms;
|
||||
allow platformappdomain sdcard_type:file create_file_perms;
|
||||
|
||||
|
||||
#
|
||||
# Untrusted apps.
|
||||
#
|
||||
|
|
@ -180,3 +187,7 @@ allow { appdomain isolated_app } backup_data_file:file { read write };
|
|||
allow { appdomain isolated_app } cache_backup_file:file { read write };
|
||||
# Backup ability using 'adb backup'
|
||||
allow { appdomain isolated_app } system_data_file:lnk_file getattr;
|
||||
|
||||
# Allow all applications to read downloaded files
|
||||
allow appdomain download_file:file r_file_perms;
|
||||
file_type_auto_trans(appdomain, download_file, download_file)
|
||||
|
|
|
|||
2
file.te
2
file.te
|
|
@ -79,6 +79,8 @@ type security_file, file_type;
|
|||
# vary per device, so this type is used in per
|
||||
# device policy
|
||||
type bluetooth_efs_file, file_type;
|
||||
# Downloaded files
|
||||
type download_file, file_type;
|
||||
|
||||
# Socket types
|
||||
type adbd_socket, file_type;
|
||||
|
|
|
|||
|
|
@ -186,6 +186,8 @@
|
|||
/data/data/com.android.settings/files/wallpaper u:object_r:wallpaper_file:s0
|
||||
# Wallpaper file for other users
|
||||
/data/system/users/[0-9]+/wallpaper u:object_r:wallpaper_file:s0
|
||||
# Downloaded files
|
||||
/data/data/com.android.providers.downloads/cache u:object_r:download_file:s0
|
||||
#############################
|
||||
# efs files
|
||||
#
|
||||
|
|
|
|||
Loading…
Reference in a new issue