author | Robin Lee <rgl@google.com> | 2014-10-13 12:10:08 +0100 |
---|---|---|
committer | Robin Lee <rgl@google.com> | 2014-10-15 18:02:03 +0000 |
commit | 51bfecf49d50982f64aba1fa73bbbdd2e40a444f (patch) | |
tree | fb112aa5cc8b9546e8a26a35d732c266399664c6 /installd.te | |
parent | ebfd9f87197f4a39bbc2a5e4f6c6dffc28be36d7 (diff) | |
Pull keychain-data policy out of system-data

Migrators should be allowed to write to /data/misc/keychain in order
to remove it. Similarly /data/misc/user should be writable by system
apps.

TODO: Revoke zygote's rights to read from /data/misc/keychain on
behalf of some preloaded security classes.

Bug: 17811821
Change-Id: I9e9c6883cff1dca3755732225404909c16a0e547
Diffstat (limited to 'installd.te')
-rw-r--r-- | installd.te | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/installd.te b/installd.te index 6257ede..6b1b2b8 100644 --- a/installd.te +++ b/installd.te @@ -37,6 +37,12 @@ allow installd media_rw_data_file:file { getattr unlink }; allow installd system_data_file:dir relabelfrom; allow installd media_rw_data_file:dir relabelto; +# Upgrade /data/misc/keychain for multi-user if necessary. +allow installd misc_user_data_file:dir create_dir_perms; +allow installd misc_user_data_file:file create_file_perms; +allow installd keychain_data_file:dir create_dir_perms; +allow installd keychain_data_file:file {r_file_perms unlink}; + # Create /data/.layout_version.* file type_transition installd system_data_file:file install_data_file; allow installd install_data_file:file create_file_perms; |
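Review bot: The `keychain_data_file:dir` rule grants `create_dir_perms`, which is wider than the commit message's stated need of writing to /data/misc/keychain "in order to remove it"; the file rule next to it is already narrowed to `{r_file_perms unlink}`. Consider narrowing the directory rule the same way, to the read and search permissions plus `remove_name` and `rmdir`, so that installd cannot create or rename entries under the keychain label. The new comment also names only /data/misc/keychain while two of the four rules cover `misc_user_data_file`; saying in the comment what installd creates under that type would explain the full `create_dir_perms` and `create_file_perms` grants there. Minor style point: `{r_file_perms unlink}` drops the inner spaces used by `{ getattr unlink }` in the context line at the top of the hunk.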