diff options
author | Robert Craig <rpcraig@tycho.ncsc.mil> | 2013-04-03 14:21:46 -0400 |
---|---|---|
committer | repo sync <gcondra@google.com> | 2013-04-05 13:10:57 -0700 |
commit | ffd8c441a5903772af1705ddea5756d117bc9ec9 (patch) | |
tree | 1b139e9ee0856101c72473c16ad1d8d3c38f7a24 /app.te | |
parent | 142480a8ac5c8ae04db3401401085192bd2334f7 (diff) | |
download | android_external_sepolicy-ffd8c441a5903772af1705ddea5756d117bc9ec9.tar.gz android_external_sepolicy-ffd8c441a5903772af1705ddea5756d117bc9ec9.tar.bz2 android_external_sepolicy-ffd8c441a5903772af1705ddea5756d117bc9ec9.zip |
Add new domains for private apps.
/data/app-private is used when making an
app purchase or forward locking. Provide a
new label for the directory as well as the
tmp files that appear under it.
Change-Id: I910cd1aa63538253e10a8d80268212ad9fc9fca5
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
Diffstat (limited to 'app.te')
-rw-r--r-- | app.te | 6 |
1 files changed, 4 insertions, 2 deletions
@@ -20,8 +20,10 @@ allow platform_app cache_file:file create_file_perms; allow platform_app shell_data_file:dir search; allow platform_app shell_data_file:file { open getattr read }; allow platform_app shell_data_file:lnk_file read; -# Populate /data/app/vmdl*.tmp file created by system server. -allow platform_app apk_tmp_file:file rw_file_perms; +# Populate /data/app/vmdl*.tmp, /data/app-private/vmdl*.tmp files +# created by system server. +allow platform_app { apk_tmp_file apk_private_tmp_file }:file rw_file_perms; +allow platform_app apk_private_data_file:dir search; # ASEC allow platform_app asec_apk_file:dir create_dir_perms; allow platform_app asec_apk_file:file create_file_perms; |