private · cdc6649acc43d3a38753e22790f372290c1189c1 · CodeLinaro / public-release-test / platform / system / sepolicy

Revert "Change priv-apps /home/home labels to privapp_data_file"

Nick Kralevich authored 6 years ago

There is a problem with on-disk labeling of files created by secondary
dex background compilation which is causing unexpected denials to show
up. Restore the old labeling until we are able to fix the underlying
problem.

Steps to reproduce:
  1) boot android device.
  2) adb root
  3) Run cmd package compile -r bg-dexopt --secondary-dex com.google.android.gms
  4) Examine the files in /data/user_de/0/com.google.android.gms
Expected:
  All files have the label privapp_data_file
Actual:
  The files in /data/user_de/0/com.google.android.gms/app_chimera/m
  are labeled "app_data_file", not "privapp_data_file".

This reverts commit 4df57822.

Bug: 112357170
Test: policy compiles
Change-Id: I38ba75c92c9c46e6a1fdbc02e3dc80c63adccaa8

cdc6649a

History

cdc6649a 6 years ago

History

Name	Last commit	Last update
..
compat
access_vectors
adbd.te
app.te
app_neverallows.te
asan_extract.te
atrace.te
audioserver.te
binder_in_vendor_violators.te
binderservicedomain.te
blank_screen.te
blkid.te
blkid_untrusted.te
bluetooth.te
bluetoothdomain.te
bootanim.te
bootstat.te
bpfloader.te
bufferhubd.te
bug_map
cameraserver.te
charger.te
clatd.te
coredomain.te
cppreopts.te
crash_dump.te
dex2oat.te
dexoptanalyzer.te
dhcp.te
dnsmasq.te
domain.te
drmserver.te
dumpstate.te
ephemeral_app.te
file.te
file_contexts
file_contexts_asan
file_contexts_overlayfs
fingerprintd.te
fs_use
fsck.te
fsck_untrusted.te
gatekeeperd.te
genfs_contexts
hal_allocator_default.te
halclientdomain.te
halserverdomain.te
healthd.te
hwservice_contexts
hwservicemanager.te
idmap.te
incident.te
incident_helper.te
incidentd.te
init.te
initial_sid_contexts
initial_sids
inputflinger.te
install_recovery.te
installd.te
isolated_app.te
kernel.te
keys.conf
keystore.te
llkd.te
lmkd.te
logd.te
logpersist.te
mac_permissions.xml
mdnsd.te
mediadrmserver.te
mediaextractor.te
mediametrics.te
mediaprovider.te
mediaserver.te
mls
mls_decl
mls_macros
modprobe.te
mtp.te
net.te
netd.te
netutils_wrapper.te
nfc.te
otapreopt_chroot.te
otapreopt_slot.te
perfetto.te
performanced.te
perfprofd.te
platform_app.te
policy_capabilities
port_contexts
postinstall.te
postinstall_dexopt.te
ppp.te
preopt2cachename.te
priv_app.te
profman.te
property_contexts
racoon.te