diff options
Diffstat (limited to 'installd.te')
-rw-r--r-- | installd.te | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/installd.te b/installd.te index 3f685f1..bc4c23e 100644 --- a/installd.te +++ b/installd.te @@ -5,10 +5,16 @@ type installd_exec, exec_type, file_type; init_daemon_domain(installd) typeattribute installd mlstrustedsubject; allow installd self:capability { chown dac_override fowner fsetid setgid setuid }; -allow installd apk_data_file:file { rename unlink }; + +# Allow labeling of files under /data/app/com.example/oat/ allow installd dalvikcache_data_file:dir relabelto; +allow installd dalvikcache_data_file:file { relabelto link }; + +# Allow movement of APK files between volumes allow installd apk_data_file:dir { create_dir_perms relabelfrom }; +allow installd apk_data_file:file { create_file_perms relabelfrom link }; allow installd apk_data_file:lnk_file { create read unlink }; + allow installd asec_apk_file:file r_file_perms; allow installd apk_tmp_file:file { r_file_perms unlink }; allow installd apk_tmp_file:dir { relabelfrom create_dir_perms }; @@ -16,7 +22,7 @@ allow installd oemfs:dir r_dir_perms; allow installd oemfs:file r_file_perms; allow installd system_file:file x_file_perms; allow installd cgroup:dir create_dir_perms; -allow installd mnt_expand_file:dir search; +allow installd mnt_expand_file:dir { search getattr }; # Check validity of SELinux context before use. selinux_check_context(installd) # Read /seapp_contexts and /data/security/seapp_contexts |