Add new domains for private apps.

/data/app-private is used when making an
app purchase or forward locking. Provide a
new label for the directory as well as the
tmp files that appear under it.

Change-Id: I910cd1aa63538253e10a8d80268212ad9fc9fca5
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>

1 files changed, 4 insertions, 2 deletions

diff --git a/app.te b/app.te
index 967a32f..e8d272d 100644
--- a/app.te
+++ b/app.te
@@ -20,8 +20,10 @@ allow platform_app cache_file:file create_file_perms;
 allow platform_app shell_data_file:dir search;
 allow platform_app shell_data_file:file { open getattr read };
 allow platform_app shell_data_file:lnk_file read;
-# Populate /data/app/vmdl*.tmp file created by system server.
-allow platform_app apk_tmp_file:file rw_file_perms;
+# Populate /data/app/vmdl*.tmp, /data/app-private/vmdl*.tmp files
+# created by system server.
+allow platform_app { apk_tmp_file apk_private_tmp_file }:file rw_file_perms;
+allow platform_app apk_private_data_file:dir search;
 # ASEC
 allow platform_app asec_apk_file:dir create_dir_perms;
 allow platform_app asec_apk_file:file create_file_perms;