d33568264f
DCS is DefaultContainerService.
avc: denied { getattr } for path="/data/app/vmdl2.tmp"
dev="mmcblk0p28" ino=162910 scontext=u:r:platform_app:s0
tcontext=u:object_r:apk_tmp_file:s0 tclass=dir
Bug: 14975160
Change-Id: Ifca9afb4e74ebbfbeb8c01e1e9ea65f5b55e9375
29 lines
1 KiB
Text
29 lines
1 KiB
Text
###
|
|
### Apps signed with the platform key.
|
|
###
|
|
|
|
type platform_app, domain;
|
|
app_domain(platform_app)
|
|
# Access the network.
|
|
net_domain(platform_app)
|
|
# Access bluetooth.
|
|
bluetooth_domain(platform_app)
|
|
# Read from /data/local/tmp or /data/data/com.android.shell.
|
|
allow platform_app shell_data_file:dir search;
|
|
allow platform_app shell_data_file:file { open getattr read };
|
|
# Populate /data/app/vmdl*.tmp, /data/app-private/vmdl*.tmp files
|
|
# created by system server.
|
|
allow platform_app { apk_tmp_file apk_private_tmp_file }:dir rw_dir_perms;
|
|
allow platform_app { apk_tmp_file apk_private_tmp_file }:file rw_file_perms;
|
|
allow platform_app apk_private_data_file:dir search;
|
|
# ASEC
|
|
allow platform_app asec_apk_file:dir create_dir_perms;
|
|
allow platform_app asec_apk_file:file create_file_perms;
|
|
|
|
# Access to /data/media.
|
|
allow platform_app media_rw_data_file:dir create_dir_perms;
|
|
allow platform_app media_rw_data_file:file create_file_perms;
|
|
|
|
# Write to /cache.
|
|
allow platform_app cache_file:dir create_dir_perms;
|
|
allow platform_app cache_file:file create_file_perms;
|