Add mlstrustedobject to appfuse object type.

To write bytes to appfuse file from priv_app, we need to specify
mlstrustedobject.
The CL fixes the following denial.

type=1400 audit(0.0:77): avc: denied { write } for name="10" dev="fuse" ino=10 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:app_fuse_file:s0 tclass=file permissive=0

BUG=23093747

(cherry picked from commit 4d19f98c72)

Change-Id: I9901033bb3349d5def0bd7128db45a1169856dc1
This commit is contained in:
Daichi Hirono 2016-03-22 17:14:30 +09:00
parent f51c05485c
commit f19fb0c973

View file

@ -197,7 +197,7 @@ type bluetooth_efs_file, file_type;
# Type for fingerprint template file.
type fingerprintd_data_file, file_type, data_file_type;
# Type for appfuse file.
type app_fuse_file, file_type, data_file_type;
type app_fuse_file, file_type, data_file_type, mlstrustedobject;
# Socket types
type adbd_socket, file_type;