app.te · 2de02877a30e73bdf30fb2bf9cc4957f9ddbf996 · CodeLinaro / public-release-test / platform / system / sepolicy

allow apps to read the contents of mounted OBBs · 826bc5d6

Nick Kralevich authored 10 years ago

Apps should be able to read the contents of mounted OBBs.

Steps to reproduce:

  1) Install com.namcobandaigames.soulcaliburgp (SoulCalibur)
  2) Attempt to run the app.

Expected:
  App runs successfully.

Actual:
  App crashes. See denials below.

This can also be reproduced by running the newly introduced CTS
test in I2018b63b0236ce6b5aee4094e40473315b1948c3

Addresses the following denials:

  avc: denied { read } for pid=4133 comm="roidJUnitRunner" name="test1.txt" dev="loop0" ino=23 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:vfat:s0 tclass=file
  avc: denied { open } for pid=4133 comm="roidJUnitRunner" name="test1.txt" dev="loop0" ino=23 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:vfat:s0 tclass=file
  avc: denied { getattr } for pid=4133 comm="roidJUnitRunner" path="/mnt/obb/f73da56689d166b5389d49ad31ecbadb/test1.txt" dev="loop0" ino=23 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:vfat:s0 tclass=file
  avc: denied { search } for name="/" dev="loop0" ino=1 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:vfat:s0 tclass=dir permissive=0

(cherrypick of commit 62083414)

Bug: 17633509
Change-Id: I49b722b24c1c7d9ab084ebee7c1e349d8d660ffa

826bc5d6