Skip to content
Snippets Groups Projects
Commit 66ff0595 authored by Geremy Condra's avatar Geremy Condra Committed by Android (Google) Code Review
Browse files

Merge "Add downloaded file policy."

parents cfd0bc50 3d98620a
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
app.te
+ 11
0
View file @ 66ff0595
...@@ -27,6 +27,7 @@ allow platform_app apk_tmp_file:file rw_file_perms; ...@@ -27,6 +27,7 @@ allow platform_app apk_tmp_file:file rw_file_perms;
# ASEC # ASEC
allow platform_app asec_apk_file:dir create_dir_perms; allow platform_app asec_apk_file:dir create_dir_perms;
allow platform_app asec_apk_file:file create_file_perms; allow platform_app asec_apk_file:file create_file_perms;
allow platform_app download_file:file rw_file_perms;
# Apps signed with the media key. # Apps signed with the media key.
type media_app, domain; type media_app, domain;
...@@ -47,6 +48,11 @@ allow media_app unlabeled:dir getattr; ...@@ -47,6 +48,11 @@ allow media_app unlabeled:dir getattr;
# Stat /cache/backup # Stat /cache/backup
allow media_app cache_backup_file:file getattr; allow media_app cache_backup_file:file getattr;
allow media_app cache_backup_file:dir getattr; allow media_app cache_backup_file:dir getattr;
# Read files in the rootdir
allow media_app rootfs:file r_file_perms;
# Allow platform apps to mark platform app data files as download files
allow media_app platform_app_data_file:dir relabelfrom;
allow media_app download_file:dir relabelto;
# Apps signed with the shared key. # Apps signed with the shared key.
type shared_app, domain; type shared_app, domain;
...@@ -92,6 +98,7 @@ allow platformappdomain sdcard_type:file create_file_perms; ...@@ -92,6 +98,7 @@ allow platformappdomain sdcard_type:file create_file_perms;
# System data file accesses (e.g, shared objects from the lib directory) # System data file accesses (e.g, shared objects from the lib directory)
allow platformappdomain system_data_file:file { execute open }; allow platformappdomain system_data_file:file { execute open };
# #
# Untrusted apps. # Untrusted apps.
# #
...@@ -186,3 +193,7 @@ allow { appdomain isolated_app } backup_data_file:file { read write }; ...@@ -186,3 +193,7 @@ allow { appdomain isolated_app } backup_data_file:file { read write };
allow { appdomain isolated_app } cache_backup_file:file { read write }; allow { appdomain isolated_app } cache_backup_file:file { read write };
# Backup ability using 'adb backup' # Backup ability using 'adb backup'
allow { appdomain isolated_app } system_data_file:lnk_file getattr; allow { appdomain isolated_app } system_data_file:lnk_file getattr;
# Allow all applications to read downloaded files
allow appdomain download_file:file r_file_perms;
file_type_auto_trans(appdomain, download_file, download_file)
file.te
+ 2
0
View file @ 66ff0595
...@@ -76,6 +76,8 @@ type security_file, file_type; ...@@ -76,6 +76,8 @@ type security_file, file_type;
# vary per device, so this type is used in per # vary per device, so this type is used in per
# device policy # device policy
type bluetooth_efs_file, file_type; type bluetooth_efs_file, file_type;
# Downloaded files
type download_file, file_type;
# Socket types # Socket types
type adbd_socket, file_type; type adbd_socket, file_type;
......
file_contexts
+ 2
0
View file @ 66ff0595
...@@ -183,6 +183,8 @@ ...@@ -183,6 +183,8 @@
/data/data/com.android.settings/files/wallpaper u:object_r:wallpaper_file:s0 /data/data/com.android.settings/files/wallpaper u:object_r:wallpaper_file:s0
# Wallpaper file for other users # Wallpaper file for other users
/data/system/users/[0-9]+/wallpaper u:object_r:wallpaper_file:s0 /data/system/users/[0-9]+/wallpaper u:object_r:wallpaper_file:s0
# Downloaded files
/data/data/com.android.providers.downloads/cache u:object_r:download_file:s0
############################# #############################
# efs files # efs files
# #
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment