diff options
author | Nick Kralevich <nnk@google.com> | 2015-04-08 10:42:30 -0700 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2015-04-08 10:42:30 -0700 |
commit | 9bef25026b43ccfb656a3a53b74a787ca3376227 (patch) | |
tree | c9648b2039f681c8aaacf3a113dd09d39e49e932 /system_server.te | |
parent | 8a06c07724ad538d6c2f1d703fec88929c118894 (diff) | |
download | android_external_sepolicy-9bef25026b43ccfb656a3a53b74a787ca3376227.tar.gz android_external_sepolicy-9bef25026b43ccfb656a3a53b74a787ca3376227.tar.bz2 android_external_sepolicy-9bef25026b43ccfb656a3a53b74a787ca3376227.zip |
system_server: support hard linking for split APKs
Commit 85ce2c706e95f96c95b3af418b7bda0bfe9918f4 removed hard link
support from create_file_perms, but system_server requires hard
link support for split APKs. Allow it.
Addresses the following denial:
audit(0.0:152): avc: denied { link } for name="base.apk" dev="dm-0" ino=816009 scontext=u:r:system_server:s0 tcontext=u:object_r:apk_data_file:s0 tclass=file permissive=0
Steps to reproduce:
1) Find the directory "hellogoogle3.splitapk"
2) adb install-multiple -r hellogoogle3_incremental.apk
3) adb install-multiple -r -p com.google.android.samples.hellogoogle3 native.apk
Expected:
2nd APK installs successfully.
Actual:
2nd APK fails to install.
Change-Id: Ib69fc70dd1c7cd158590db3fd117d6b05acf1cf7
Diffstat (limited to 'system_server.te')
-rw-r--r-- | system_server.te | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/system_server.te b/system_server.te index a028628..a2cfeba 100644 --- a/system_server.te +++ b/system_server.te @@ -175,7 +175,7 @@ allow system_server keychain_data_file:file create_file_perms; # Manage /data/app. allow system_server apk_data_file:dir create_dir_perms; -allow system_server apk_data_file:file create_file_perms; +allow system_server apk_data_file:file { create_file_perms link }; allow system_server apk_tmp_file:dir create_dir_perms; allow system_server apk_tmp_file:file create_file_perms; |