author | dcashman <dcashman@google.com> | 2015-07-13 15:31:01 -0700 |
---|---|---|
committer | dcashman <dcashman@google.com> | 2015-07-13 15:35:52 -0700 |
commit | 301555e6f3445cda4ccec0240c37848a1d3b9d0e (patch) | |
tree | d27880c0328e6a0b3f13b25f9ea5539a2acca112 | |
parent | 099d63290bc03dd5b98041bc93f105f1342b3596 (diff) | |
Allow domains to read tmpfs symlinks.
Domains have the ability to read normal tmpfs files but not symlinks.
Grant this ability. In particular, allow domains to read /mnt/sdcard.
Addresses the following denial:
type=1400 audit(0.0:19):avc: denied { read } for comm=4173796E635461736B202333 name="sdcard" dev="tmpfs" ino=7475 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:tmpfs:s0 tclass=lnk_file permissive=0
(cherry-pick of commit: 2b0b8299b2f144165290b18855a9ca256492564c)
Bug: 20755029
Change-Id: Iaa5dc278b34faf33473d3e49f92d8766ae5563c0
-rw-r--r-- | domain.te | 1 |
1 files changed, 1 insertions, 0 deletions
@@ -6,6 +6,7 @@ allow domain init:process sigchld; # Read access to properties mapping. allow domain kernel:fd use; allow domain tmpfs:file { read getattr }; +allow domain tmpfs:lnk_file { read getattr }; # Search /storage/emulated tmpfs mount. allow domain tmpfs:dir r_dir_perms; |
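Review bot: The new rule `allow domain tmpfs:lnk_file { read getattr };` grants symlink read to every type carrying the `domain` attribute, while the only denial quoted in the commit message is `untrusted_app` reading the `sdcard` link. That matches the existing `tmpfs:file` rule directly above it, so the breadth is consistent with what is already here, but the line has no comment of its own, unlike the `# Search /storage/emulated tmpfs mount.` rule that follows it. Please add a one-line comment above the new rule naming the /mnt/sdcard symlink as the reason. The commit message should also say whether domains other than app domains need this access. If they do not, consider scoping the rule to the domains that hit the denial, or labeling the symlink with a dedicated type so that the generic `tmpfs` label is not opened to all domains.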