diff options
| author | Stephen Smalley <sds@tycho.nsa.gov> | 2014-03-12 13:31:14 -0400 |
|---|---|---|
| committer | Stephen Smalley <sds@tycho.nsa.gov> | 2014-03-13 13:02:06 +0000 |
| commit | dc88dca115791053d00354785be37a38259b3781 (patch) | |
| tree | 722e1dec5ddbff13853793a86687783e43059477 /drmserver.te | |
| parent | 8b1e89868fd066dc00466409a194d32e1c9d23cf (diff) | |
| download | android_external_sepolicy-dc88dca115791053d00354785be37a38259b3781.tar.gz android_external_sepolicy-dc88dca115791053d00354785be37a38259b3781.tar.bz2 android_external_sepolicy-dc88dca115791053d00354785be37a38259b3781.zip | |
Get rid of separate platform_app_data_file type.
The original concept was to allow separation between /data/data/<pkgdir>
files of "platform" apps (signed by one of the four build keys) and
untrusted apps. But we had to allow read/write to support passing of
open files via Binder or local socket for compatibilty, and it seems
that direct open by pathname is in fact used in Android as well,
only passing the pathname via Binder or local socket. So there is no
real benefit to keeping it as a separate type.
Retain a type alias for platform_app_data_file to app_data_file until
restorecon /data/data support is in place to provide compatibility.
Change-Id: Ic15066f48765322ad40500b2ba2801bb3ced5489
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Diffstat (limited to 'drmserver.te')
| -rw-r--r-- | drmserver.te | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/drmserver.te b/drmserver.te index a11700c..b419111 100644 --- a/drmserver.te +++ b/drmserver.te @@ -20,7 +20,6 @@ allow drmserver sdcard_type:dir search; allow drmserver drm_data_file:dir create_dir_perms; allow drmserver drm_data_file:file create_file_perms; allow drmserver tee_device:chr_file rw_file_perms; -allow drmserver platform_app_data_file:file { read write getattr }; allow drmserver app_data_file:file { read write getattr }; allow drmserver sdcard_type:file { read write getattr }; r_dir_file(drmserver, efs_file) |