Commit b8a42499 authored by Shubham Ajmera

Don't allow dexoptanalyzer to open app_data_files

Test: manual(installd flow without sepolicy denials)
Bug: 67111829
Change-Id: I7ac1a86e731ec5900eec83608b4765a6818f2fd0
parent bf4786cf
......@@ -20,7 +20,7 @@ allow dexoptanalyzer installd:fd use;
# Allow reading secondary dex files that were reported by the app to the
# package manager.
allow dexoptanalyzer app_data_file:dir { getattr search };
allow dexoptanalyzer app_data_file:file r_file_perms;
allow dexoptanalyzer app_data_file:file { getattr read };
# dexoptanalyzer calls access(2) with W_OK flag on app data. We can use the
# "dontaudit...audit_access" policy line to suppress the audit access without
# suppressing denial on actual access.
......
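Review bot: the comment above the changed app_data_file:file rule still reads only "Allow reading secondary dex files ...", so nothing in the policy records that open is now withheld on purpose. With r_file_perms replaced by { getattr read }, dexoptanalyzer can read app data files only through descriptors it has been handed (the hunk header context shows allow dexoptanalyzer installd:fd use;), and a later cleanup could easily put r_file_perms back as the idiomatic macro. Suggest extending that comment to say the files are expected to arrive as already-open fds, presumably from installd, and that open is deliberately not granted. The retained dir { getattr search } rule and the access(2) comment below show that path-based lookups still happen, so it would also help if the Test line named which dexoptanalyzer paths the manual installd run covered.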