8bf8a262e5
We no longer allow apps with mlstrustedsubject access to app_data_file or privapp_data_file. For compatibility we grant access to all apps on vendor images for SDK <= 30, whether mlstrustedsubject or not. (The ones that are not already have access, but that is harmless.) Additionally we have started adding categories to system_data_file etc. We treat these older vendor apps as trusted for those types only. The result is that apps on older vendor images still have all the access they used to but no new access. We add a neverallow to prevent the compatibility attribute being abused. Test: builds Change-Id: I10a885b6a122292f1163961b4a3cf3ddcf6230ad
6 lines
231 B
Text
6 lines
231 B
Text
hal_attribute(lazy_test);
|
|
|
|
# This is applied to apps on vendor images with SDK <=30 only,
|
|
# to exempt them from recent mls changes. It must not be applied
|
|
# to any domain on newer system or vendor image.
|
|
attribute mlsvendorcompat;
|