Merge "Allow idmap1 to read vmdl*.tmp APK install files"

Treehugger Robot 2019-04-24 19:56:48 +00:00 committed by Gerrit Code Review
commit e4af840db6


@ -2,7 +2,7 @@
type idmap, domain;
type idmap_exec, system_file_type, exec_type, file_type;
# STOPSHIP remove /system/bin/idmap and the link between idmap and installd (b/118711077)
# TODO remove /system/bin/idmap and the link between idmap and installd (b/118711077)
# Use open file to /data/resource-cache file inherited from installd.
allow idmap installd:fd use;
allow idmap resourcecache_data_file:file create_file_perms;
@ -15,6 +15,10 @@ dontaudit idmap installd:file read;
allow idmap apk_data_file:file r_file_perms;
allow idmap apk_data_file:dir search;
# Allow /data/app/vmdl*.tmp, /data/app-private/vmdl*.tmp files
allow idmap { apk_tmp_file apk_private_tmp_file }:file r_file_perms;
allow idmap { apk_tmp_file apk_private_tmp_file }:dir search;
# Allow apps access to /vendor/app
r_dir_file(idmap, vendor_app_file)
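Review bot: The added rule `allow idmap { apk_tmp_file apk_private_tmp_file }:file r_file_perms;` in the second hunk includes `open`, and together with the `dir search` rule it lets idmap open any staged install file by path, including the app-private ones, rather than only files handed to it. If idmap receives these APKs as already-open descriptors (as it does for the resource-cache file inherited from installd, per the comment higher up), a narrower grant such as `{ getattr read map }` with no `dir search` would be enough; whether that is the case cannot be told from this hunk. The comment should also record why pre-commit files are needed, for example `# idmap runs against staged installs (/data/app/vmdl*.tmp, /data/app-private/vmdl*.tmp) before they are committed; read-only access.` Since the first hunk appears to relax the removal marker from STOPSHIP to TODO, it would help to reference b/118711077 on the new rules so they are dropped together with /system/bin/idmap.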