diff options
| author | Johan Redestig <johan.redestig@sonymobile.com> | 2015-04-02 11:16:42 +0200 |
|---|---|---|
| committer | Johan Redestig <johan.redestig@sonymobile.com> | 2015-04-02 11:24:31 +0200 |
| commit | 386a0f09dd747ab81cfa2b31191bdc1394bb32f3 (patch) | |
| tree | 7cbf89ef8d2c26890eb83d11e481929b518038f4 /nfc.te | |
| parent | 1598b52b3aac53f63f2381ee2a4efa894b656a24 (diff) | |
| download | android_external_sepolicy-386a0f09dd747ab81cfa2b31191bdc1394bb32f3.tar.gz android_external_sepolicy-386a0f09dd747ab81cfa2b31191bdc1394bb32f3.tar.bz2 android_external_sepolicy-386a0f09dd747ab81cfa2b31191bdc1394bb32f3.zip | |
nfc: allow sending bugreports via nfc
Same change as 9819a6 but for nfc.
Nfc can receive bugreport data for beaming to another device.
This comes across as an open file descriptor. Allow nfc access
to bugreports.
Addresses the following denial:
avc: denied { read } for path="/data/data/com.android.shell/files/bugreports/bugreport-2015-03-30-04-49-57.txt" dev="mmcblk0p27" ino=82334 scontext=u:r:nfc:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file op_res=-13 ppid=435 pcomm="main" tgid=23475 tgcomm="m.android.shell"
Change-Id: I3efefcdb46444a1a6520803cb5e68bbdf29d3ad6
Diffstat (limited to 'nfc.te')
| -rw-r--r-- | nfc.te | 7 |
1 files changed, 6 insertions, 1 deletions
@@ -44,4 +44,9 @@ auditallow nfc { -trust_service -user_service -vibrator_service -}:service_manager find;
\ No newline at end of file +}:service_manager find; + +# already open bugreport file descriptors may be shared with +# the nfc process, from a file in +# /data/data/com.android.shell/files/bugreports/bugreport-*. +allow nfc shell_data_file:file read; |