diff options
author | Robert Craig <rpcraig@tycho.ncsc.mil> | 2014-02-04 11:36:41 -0500 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2014-02-11 17:08:10 +0000 |
commit | 48b18832c476f0bd8fcb8ee3e308258392f36aaf (patch) | |
tree | 6e0be59d71a71598b0b6c05df1e8e84c5d2bbfc2 /vold.te | |
parent | e21871c8b7250f5dfc746298ab170a869e6be94d (diff) | |
download | android_external_sepolicy-48b18832c476f0bd8fcb8ee3e308258392f36aaf.tar.gz android_external_sepolicy-48b18832c476f0bd8fcb8ee3e308258392f36aaf.tar.bz2 android_external_sepolicy-48b18832c476f0bd8fcb8ee3e308258392f36aaf.zip |
Introduce asec_public_file type.
This new type will allow us to write finer-grained
policy concerning asec containers. Some files of
these containers need to be world readable.
Change-Id: Iefee74214d664acd262edecbb4f981d633ff96ce
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
Diffstat (limited to 'vold.te')
-rw-r--r-- | vold.te | 7 |
1 files changed, 5 insertions, 2 deletions
@@ -71,8 +71,11 @@ allow vold ctl_default_prop:property_service set; allow vold asec_image_file:file create_file_perms; allow vold asec_image_file:dir rw_dir_perms; security_access_policy(vold) -allow vold asec_apk_file:dir { rw_dir_perms setattr }; -allow vold asec_apk_file:file { r_file_perms setattr }; +relabelto_domain(vold) +allow vold asec_apk_file:dir { rw_dir_perms setattr relabelfrom }; +allow vold asec_public_file:dir { relabelto setattr }; +allow vold asec_apk_file:file { r_file_perms setattr relabelfrom }; +allow vold asec_public_file:file { relabelto setattr }; # Handle wake locks (used for device encryption) allow vold sysfs_wake_lock:file rw_file_perms; |