Merge "sepolicy: allow system apps to access ASEC"

b7d0ae3a · Nick Kralevich · Gerrit Code Review · 2c759185 · c06ed8f7 · b7d0ae3a
Commit b7d0ae3a authored 10 years ago by Nick Kralevich Committed by Gerrit Code Review 10 years ago
--- a/system_app.te
+++ b/system_app.te
@@ -45,6 +45,9 @@ allow system_app logd_prop:property_service set;
 allow system_app anr_data_file:dir ra_dir_perms;
 allow system_app anr_data_file:file create_file_perms;
+# Settings need to access app name and icon from asec
+allow system_app asec_apk_file:file r_file_perms;
 allow system_app system_app_service:service_manager add;
 allow system_app keystore:keystore_key {

--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -32,7 +32,6 @@ allow untrusted_app app_data_file:file { rx_file_perms execmod };
 allow untrusted_app tun_device:chr_file rw_file_perms;
 # ASEC
-allow untrusted_app asec_apk_file:dir { getattr };
 allow untrusted_app asec_apk_file:file r_file_perms;
 # Execute libs in asec containers.
 allow untrusted_app asec_public_file:file { execute execmod };