authorDaniel Rosenberg <drosen@google.com>2019-07-15 13:21:54 -0700
committerandroid-build-merger <android-build-merger@google.com>2019-07-15 13:21:54 -0700
commit640ead1a51655a50eb17b3a8ba989ec95a75e7e1 (patch)
treef3db1b37e8ba87ceb127f4b29dad55b7755175c3
parentd519b1ca7cf37810e880a55d47fed9246f08c616 (diff)
parenta85c5360abaf3df28467919839387979f460acf7 (diff)
Merge "sepolicy: Adjust policy for migrate_legacy_obb_data.sh" into qt-dev
am: a85c5360ab Change-Id: I9cf4bf773a5c7d36922bb590f74e283c565673c8
-rw-r--r--prebuilts/api/29.0/private/migrate_legacy_obb_data.te8
-rw-r--r--private/migrate_legacy_obb_data.te8
2 files changed, 16 insertions, 0 deletions
diff --git a/prebuilts/api/29.0/private/migrate_legacy_obb_data.te b/prebuilts/api/29.0/private/migrate_legacy_obb_data.te
index 4bc1e2c6..b2a1fb10 100644
--- a/prebuilts/api/29.0/private/migrate_legacy_obb_data.te
+++ b/prebuilts/api/29.0/private/migrate_legacy_obb_data.te
@@ -10,6 +10,14 @@ allow migrate_legacy_obb_data toolbox_exec:file rx_file_perms;
allow migrate_legacy_obb_data self:capability { chown dac_override dac_read_search fowner fsetid };
+allow migrate_legacy_obb_data mnt_user_file:dir search;
+allow migrate_legacy_obb_data mnt_user_file:lnk_file read;
+allow migrate_legacy_obb_data storage_file:dir search;
+allow migrate_legacy_obb_data storage_file:lnk_file read;
+
+allow migrate_legacy_obb_data sdcard_type:dir create_dir_perms;
+allow migrate_legacy_obb_data sdcard_type:file create_file_perms;
+
# TODO: This should not be necessary. We don't deliberately hand over
# any open file descriptors to this domain, so anything that triggers this
# should be a candidate for O_CLOEXEC.
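Review bot: The added allow rules have no comment saying why this domain needs them, and the last two are broad: `create_dir_perms` and `create_file_perms` on the `sdcard_type` attribute let the domain create, write, rename and remove entries on every type that carries that attribute. The context line above already grants `dac_override` and `dac_read_search`, so file-mode checks will not constrain this script and the SELinux rule is effectively the only boundary on shared storage. If the script only relocates OBB data, it is worth checking whether one concrete type or a smaller permission set is enough, and recording the reason in the policy, for example `# Resolve the mnt_user_file/storage_file symlinks to reach shared storage.` above the first group and `# Move legacy OBB data; sdcard_type is intentionally broad because <reason>.` above the second. The identical lines are added to private/migrate_legacy_obb_data.te in the second hunk, so the same applies there and the two copies should stay in sync.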
diff --git a/private/migrate_legacy_obb_data.te b/private/migrate_legacy_obb_data.te
index 4bc1e2c6..b2a1fb10 100644
--- a/private/migrate_legacy_obb_data.te
+++ b/private/migrate_legacy_obb_data.te
@@ -10,6 +10,14 @@ allow migrate_legacy_obb_data toolbox_exec:file rx_file_perms;
allow migrate_legacy_obb_data self:capability { chown dac_override dac_read_search fowner fsetid };
+allow migrate_legacy_obb_data mnt_user_file:dir search;
+allow migrate_legacy_obb_data mnt_user_file:lnk_file read;
+allow migrate_legacy_obb_data storage_file:dir search;
+allow migrate_legacy_obb_data storage_file:lnk_file read;
+
+allow migrate_legacy_obb_data sdcard_type:dir create_dir_perms;
+allow migrate_legacy_obb_data sdcard_type:file create_file_perms;
+
# TODO: This should not be necessary. We don't deliberately hand over
# any open file descriptors to this domain, so anything that triggers this
# should be a candidate for O_CLOEXEC.