It only accesses already-open file handles since b/67111829, so has no
need for any access to the directories, not even search access.
Fixes: 161960094
Bug: 141677108
Test: boot, install app
Test: cmd package force-dex-opt <package>
Test: cmd package bg-dexopt-job
Test: No denials seen.
Change-Id: I23dca1f038351be759dd16dff18d16d158604c3c
We have various apps which inherently work across all users,
configured in seapp_contexts with levelFrom=None (usually implicitly).
This change marks those apps, where they have private data files, as
mlstrustedsubject, to allow us to increase restrictions on cross-user
access without breaking them.
Currently these apps are granted full access to [priv_]app__data_file
via TE rules, but are blocked from calling open (etc) by mls rules
(they don't have a matching level).
This CL changes things round so they are granted access by mls, but
blocked from calling open by TE rules; the overall effect is thus the
same - they do not have access.
A neverallow rule is added to ensure this remains true.
Note that there are various vendor apps which are appdomain,
levelFrom=None; they will also need modified policy.
Test: builds, boots, no new denials.
Bug: 141677108
Change-Id: Ic14f24ec6e8cbfda7a775adf0c350b406d3a197e
