am 8d6e4cc1: Merge "Fix SELinux policies to allow resource overlays."
* commit '8d6e4cc174ec06b3b45c71b5f5fe1353653a1d31': Fix SELinux policies to allow resource overlays.
This commit is contained in:
Nick Kralevich
Android Git Automerger
commit
f416b54df7
6 changed files with 18 additions and 0 deletions
4
app.te
4
app.te
|
|
@ -141,6 +141,10 @@ allow appdomain shared_relro_file:file r_file_perms;
|
|||
# Allow apps to read/execute installed binaries
|
||||
allow appdomain apk_data_file:file { rx_file_perms execmod };
|
||||
|
||||
# /data/resource-cache
|
||||
allow appdomain resourcecache_data_file:file r_file_perms;
|
||||
allow appdomain resourcecache_data_file:dir r_dir_perms;
|
||||
|
||||
###
|
||||
### CTS-specific rules
|
||||
###
|
||||
|
|
|
|||
2
file.te
2
file.te
|
|
@ -61,6 +61,8 @@ type apk_private_tmp_file, file_type, data_file_type, mlstrustedobject;
|
|||
type dalvikcache_data_file, file_type, data_file_type;
|
||||
# /data/dalvik-cache/profiles
|
||||
type dalvikcache_profiles_data_file, file_type, data_file_type;
|
||||
# /data/resource-cache
|
||||
type resourcecache_data_file, file_type, data_file_type;
|
||||
# /data/local - writable by shell
|
||||
type shell_data_file, file_type, data_file_type;
|
||||
# /data/gps
|
||||
|
|
|
|||
|
|
@ -173,6 +173,7 @@
|
|||
/data/system/ndebugsocket u:object_r:system_ndebug_socket:s0
|
||||
/data/drm(/.*)? u:object_r:drm_data_file:s0
|
||||
/data/gps(/.*)? u:object_r:gps_data_file:s0
|
||||
/data/resource-cache(/.*)? u:object_r:resourcecache_data_file:s0
|
||||
/data/dalvik-cache(/.*)? u:object_r:dalvikcache_data_file:s0
|
||||
/data/dalvik-cache/profiles(/.*)? u:object_r:dalvikcache_profiles_data_file:s0
|
||||
/data/anr(/.*)? u:object_r:anr_data_file:s0
|
||||
|
|
|
|||
|
|
@ -49,6 +49,10 @@ allow installd dalvikcache_data_file:file create_file_perms;
|
|||
allow installd dalvikcache_profiles_data_file:dir rw_dir_perms;
|
||||
allow installd dalvikcache_profiles_data_file:file create_file_perms;
|
||||
|
||||
# Create files under /data/resource-cache.
|
||||
allow installd resourcecache_data_file:dir rw_dir_perms;
|
||||
allow installd resourcecache_data_file:file create_file_perms;
|
||||
|
||||
# Upgrade from unlabeled userdata.
|
||||
# Just need enough to remove and/or relabel it.
|
||||
allow installd unlabeled:dir { getattr search relabelfrom rw_dir_perms rmdir };
|
||||
|
|
|
|||
|
|
@ -15,6 +15,10 @@ allow system_server system_server_tmpfs:file execute;
|
|||
# For art.
|
||||
allow system_server dalvikcache_data_file:file execute;
|
||||
|
||||
# /data/resource-cache
|
||||
allow system_server resourcecache_data_file:file r_file_perms;
|
||||
allow system_server resourcecache_data_file:dir r_dir_perms;
|
||||
|
||||
# ptrace to processes in the same domain for debugging crashes.
|
||||
allow system_server self:process ptrace;
|
||||
|
||||
|
|
|
|||
|
|
@ -24,6 +24,9 @@ allow zygote system_data_file:file r_file_perms;
|
|||
# Write to /data/dalvik-cache.
|
||||
allow zygote dalvikcache_data_file:dir create_dir_perms;
|
||||
allow zygote dalvikcache_data_file:file create_file_perms;
|
||||
# Write to /data/resource-cache
|
||||
allow zygote resourcecache_data_file:dir rw_dir_perms;
|
||||
allow zygote resourcecache_data_file:file create_file_perms;
|
||||
# For art.
|
||||
allow zygote dalvikcache_data_file:file execute;
|
||||
# Execute dexopt.
|
||||
|
|
|
|||
Loading…
Reference in a new issue