Skip to content
Snippets Groups Projects
Commit daac339f authored by Treehugger Robot's avatar Treehugger Robot Committed by Gerrit Code Review
Browse files

Merge "Don't allow dexoptanalyzer to open app_data_files"

parents 8228c1dc b8a42499
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
private/dexoptanalyzer.te
+ 1
1
View file @ daac339f
...@@ -20,7 +20,7 @@ allow dexoptanalyzer installd:fd use; ...@@ -20,7 +20,7 @@ allow dexoptanalyzer installd:fd use;
# Allow reading secondary dex files that were reported by the app to the # Allow reading secondary dex files that were reported by the app to the
# package manager. # package manager.
allow dexoptanalyzer app_data_file:dir { getattr search }; allow dexoptanalyzer app_data_file:dir { getattr search };
allow dexoptanalyzer app_data_file:file r_file_perms; allow dexoptanalyzer app_data_file:file { getattr read };
# dexoptanalyzer calls access(2) with W_OK flag on app data. We can use the # dexoptanalyzer calls access(2) with W_OK flag on app data. We can use the
# "dontaudit...audit_access" policy line to suppress the audit access without # "dontaudit...audit_access" policy line to suppress the audit access without
# suppressing denial on actual access. # suppressing denial on actual access.
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment