Commit 4af76925 authored by Jeff Vander Stoep's avatar Jeff Vander Stoep Committed by android-build-merger

domain_deprecate: remove system_data_file access am: 2b75437d

am: 2cf7fba5

Change-Id: Id8a7e0fd6c2bc4b5fb10ed41ac65d241510755d8
parents ba10fd49 2cf7fba5
# rules removed from the domain attribute # rules removed from the domain attribute
# Read files already opened under /data.
allow domain_deprecated system_data_file:file { getattr read };
allow domain_deprecated system_data_file:lnk_file r_file_perms;
userdebug_or_eng(`
auditallow {
domain_deprecated
-appdomain
-sdcardd
-system_server
-tee
} system_data_file:file { getattr read };
auditallow {
domain_deprecated
-appdomain
-system_server
-tee
} system_data_file:lnk_file r_file_perms;
')
# Read apk files under /data/app. # Read apk files under /data/app.
allow domain_deprecated apk_data_file:dir { getattr search }; allow domain_deprecated apk_data_file:dir { getattr search };
allow domain_deprecated apk_data_file:file r_file_perms; allow domain_deprecated apk_data_file:file r_file_perms;
......
...@@ -45,7 +45,7 @@ allow installd asec_image_file:file getattr; ...@@ -45,7 +45,7 @@ allow installd asec_image_file:file getattr;
# and lib symlinks before the setfilecon call. May want to # and lib symlinks before the setfilecon call. May want to
# move symlink creation after setfilecon in installd. # move symlink creation after setfilecon in installd.
allow installd system_data_file:dir create_dir_perms; allow installd system_data_file:dir create_dir_perms;
allow installd system_data_file:lnk_file { create setattr unlink }; allow installd system_data_file:lnk_file { create getattr setattr unlink };
# Upgrade /data/media for multi-user if necessary. # Upgrade /data/media for multi-user if necessary.
allow installd media_rw_data_file:dir create_dir_perms; allow installd media_rw_data_file:dir create_dir_perms;
......
...@@ -12,6 +12,7 @@ allow runas shell_data_file:file { read write }; ...@@ -12,6 +12,7 @@ allow runas shell_data_file:file { read write };
# run-as reads package information. # run-as reads package information.
allow runas system_data_file:file r_file_perms; allow runas system_data_file:file r_file_perms;
allow runas system_data_file:lnk_file getattr;
# run-as checks and changes to the app data dir. # run-as checks and changes to the app data dir.
dontaudit runas self:capability dac_override; dontaudit runas self:capability dac_override;
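Review bot: The added `allow runas system_data_file:lnk_file getattr;` sits under the existing comment `# run-as reads package information.` with nothing saying which symlink run-as needs to stat. The same applies to `allow vold system_data_file:lnk_file getattr;` in the vold hunk. Both presumably replace access that was inherited from domain_deprecated before this commit removed it. A one-line comment on each, for example `# stat the <symlink path> symlink under /data` with the path taken from the audit log, would let a later reviewer judge whether the grant is still needed.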
......
...@@ -104,6 +104,10 @@ allow vold efs_file:file rw_file_perms; ...@@ -104,6 +104,10 @@ allow vold efs_file:file rw_file_perms;
# Create and mount on /data/tmp_mnt and management of expansion mounts # Create and mount on /data/tmp_mnt and management of expansion mounts
allow vold system_data_file:dir { create rw_dir_perms mounton setattr rmdir }; allow vold system_data_file:dir { create rw_dir_perms mounton setattr rmdir };
allow vold system_data_file:lnk_file getattr;
# for secdiscard
allow vold system_data_file:file read;
# Set scheduling policy of kernel processes # Set scheduling policy of kernel processes
allow vold kernel:process setsched; allow vold kernel:process setsched;
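Review bot: The added `allow vold system_data_file:file read;` applies to every file labelled system_data_file, and its comment `# for secdiscard` does not say which files are read or why `read` without `open` is enough. The removed domain_deprecated rule was commented "Read files already opened under /data", so this looks like access through an inherited descriptor, but the hunk does not confirm that. I would expand the comment to something like `# secdiscard reads <file(s)> via an fd opened by <opener>; no open needed`, filling in the placeholders from the denial that motivated the rule. If the files live in a vold-specific directory, a dedicated type would be narrower than system_data_file.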
......