34a8e12112
This enables installd to uninstall or clear data of installed apps
whose data directory contains unusual file types, such as FIFO.
Bug: 10680357
(cherry picked from commit 839af9edb5)
Change-Id: I5715f7d6d3214896ad0456d614b052cf5fb79eef
28 lines
1.2 KiB
Text
28 lines
1.2 KiB
Text
# installer daemon
|
|
type installd, domain;
|
|
type installd_exec, exec_type, file_type;
|
|
|
|
init_daemon_domain(installd)
|
|
relabelto_domain(installd)
|
|
typeattribute installd mlstrustedsubject;
|
|
allow installd self:capability { chown dac_override fowner fsetid setgid setuid };
|
|
allow installd system_data_file:file create_file_perms;
|
|
allow installd system_data_file:lnk_file create;
|
|
allow installd dalvikcache_data_file:file create_file_perms;
|
|
allow installd data_file_type:dir create_dir_perms;
|
|
allow installd data_file_type:dir { relabelfrom relabelto };
|
|
allow installd data_file_type:{ file_class_set } { getattr unlink };
|
|
allow installd apk_data_file:file r_file_perms;
|
|
allow installd apk_tmp_file:file r_file_perms;
|
|
allow installd system_file:file x_file_perms;
|
|
allow installd cgroup:dir create_dir_perms;
|
|
allow installd download_file:dir { read getattr };
|
|
dontaudit installd self:capability sys_admin;
|
|
# Check validity of SELinux context before use.
|
|
selinux_check_context(installd)
|
|
# Read /seapp_contexts and /data/security/seapp_contexts
|
|
security_access_policy(installd)
|
|
# ASEC
|
|
allow installd platform_app_data_file:lnk_file { create setattr };
|
|
allow installd app_data_file:lnk_file { create setattr };
|
|
allow installd asec_apk_file:file r_file_perms;
|