Merge "Change security policy so all apps can read /dev/xt_qtaguid."

c57dbccb · Geremy Condra · Gerrit Code Review · 5988bbf8 · 4c266ba1 · c57dbccb
Commit c57dbccb authored 12 years ago by Geremy Condra Committed by Gerrit Code Review 12 years ago
--- a/app.te
+++ b/app.te
@@ -24,8 +24,6 @@ allow platform_app shell_data_file:file { open getattr read };
 allow platform_app shell_data_file:lnk_file read;
 # Populate /data/app/vmdl*.tmp file created by system server.
 allow platform_app apk_tmp_file:file rw_file_perms;
-# Read /dev/xt_qtaguid
-allow platform_app qtaguid_device:chr_file r_file_perms;
 # ASEC
 allow platform_app asec_apk_file:dir create_dir_perms;
 allow platform_app asec_apk_file:file create_file_perms;
@@ -43,8 +41,6 @@ allow media_app mtp_device:chr_file rw_file_perms;
 # Write to /cache.
 allow media_app cache_file:dir rw_dir_perms;
 allow media_app cache_file:file create_file_perms;
-# Read /dev/xt_qtaguid
-allow media_app qtaguid_device:chr_file r_file_perms;
 # Apps signed with the shared key.
 type shared_app, domain;
@@ -69,8 +65,6 @@ net_domain(release_app)
 bluetooth_domain(release_app)
 # Read logs.
 allow release_app log_device:chr_file read;
-# Read /dev/xt_qtaguid
-allow release_app qtaguid_device:chr_file r_file_perms;
 # Services with isolatedProcess=true in their manifest.
 # In order for isolated_apps to interact with apps that have levelFromUid=true
@@ -185,6 +179,9 @@ allow appdomain anr_data_file:file { open append };
 # Write to /proc/net/xt_qtaguid/ctrl file.
 allow appdomain qtaguid_proc:file rw_file_perms;
+# Everybody can read the xt_qtaguid resource tracking misc dev.
+# So allow all apps to read from /dev/xt_qtaguid.
+allow appdomain qtaguid_device:chr_file r_file_perms;
 # Use the Binder.
 binder_use(appdomain)