80eec389e2
These dontaudit rules were in place to suppress SELinux denials due to file descriptor leakage. The file descriptor leakage has been fixed, so these rules are no longer necessary. Delete. Fixes: 120983106 Test: cts-tradefed run cts-dev -m CtsRenderscriptTestCases Change-Id: I5cad79c3526583bd2b65bd089fee9c490f6beb5e
30 lines
985 B
Text
30 lines
985 B
Text
# Any files which would have been created as app_data_file
|
|
# will be created as app_exec_data_file instead.
|
|
allow rs app_data_file:dir ra_dir_perms;
|
|
allow rs app_exec_data_file:file create_file_perms;
|
|
type_transition rs app_data_file:file app_exec_data_file;
|
|
|
|
# Follow /data/user/0 symlink
|
|
allow rs system_data_file:lnk_file read;
|
|
|
|
# Read files from the app home directory.
|
|
allow rs app_data_file:file r_file_perms;
|
|
allow rs app_data_file:dir r_dir_perms;
|
|
|
|
# Cleanup app_exec_data_file files in the app home directory.
|
|
allow rs app_data_file:dir remove_name;
|
|
|
|
# Use vendor resources
|
|
allow rs vendor_file:dir r_dir_perms;
|
|
r_dir_file(rs, vendor_overlay_file)
|
|
r_dir_file(rs, vendor_app_file)
|
|
|
|
# Read contents of app apks
|
|
r_dir_file(rs, apk_data_file)
|
|
|
|
allow rs gpu_device:chr_file rw_file_perms;
|
|
allow rs ion_device:chr_file r_file_perms;
|
|
allow rs same_process_hal_file:file { r_file_perms execute };
|
|
|
|
# File descriptors passed from app to renderscript
|
|
allow rs untrusted_app_all:fd use;
|