diff options
author | Daniel Rosenberg <drosen@google.com> | 2019-07-15 19:56:35 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2019-07-15 19:56:35 +0000 |
commit | a85c5360abaf3df28467919839387979f460acf7 (patch) | |
tree | 96aebf4ccdada92edef2dbca89c8752469e59f39 | |
parent | 9bfaa1c4dd25ad3dd72a961b01ffdfcb39bfbc5b (diff) | |
parent | 793dc8f8da2bbcb954670bfbd53a0038328e8473 (diff) | |
download | android_system_sepolicy-a85c5360abaf3df28467919839387979f460acf7.tar.gz android_system_sepolicy-a85c5360abaf3df28467919839387979f460acf7.tar.bz2 android_system_sepolicy-a85c5360abaf3df28467919839387979f460acf7.zip |
Merge "sepolicy: Adjust policy for migrate_legacy_obb_data.sh" into qt-dev
-rw-r--r-- | prebuilts/api/29.0/private/migrate_legacy_obb_data.te | 8 | ||||
-rw-r--r-- | private/migrate_legacy_obb_data.te | 8 |
2 files changed, 16 insertions, 0 deletions
diff --git a/prebuilts/api/29.0/private/migrate_legacy_obb_data.te b/prebuilts/api/29.0/private/migrate_legacy_obb_data.te index 4bc1e2c6..b2a1fb10 100644 --- a/prebuilts/api/29.0/private/migrate_legacy_obb_data.te +++ b/prebuilts/api/29.0/private/migrate_legacy_obb_data.te @@ -10,6 +10,14 @@ allow migrate_legacy_obb_data toolbox_exec:file rx_file_perms; allow migrate_legacy_obb_data self:capability { chown dac_override dac_read_search fowner fsetid }; +allow migrate_legacy_obb_data mnt_user_file:dir search; +allow migrate_legacy_obb_data mnt_user_file:lnk_file read; +allow migrate_legacy_obb_data storage_file:dir search; +allow migrate_legacy_obb_data storage_file:lnk_file read; + +allow migrate_legacy_obb_data sdcard_type:dir create_dir_perms; +allow migrate_legacy_obb_data sdcard_type:file create_file_perms; + # TODO: This should not be necessary. We don't deliberately hand over # any open file descriptors to this domain, so anything that triggers this # should be a candidate for O_CLOEXEC. diff --git a/private/migrate_legacy_obb_data.te b/private/migrate_legacy_obb_data.te index 4bc1e2c6..b2a1fb10 100644 --- a/private/migrate_legacy_obb_data.te +++ b/private/migrate_legacy_obb_data.te @@ -10,6 +10,14 @@ allow migrate_legacy_obb_data toolbox_exec:file rx_file_perms; allow migrate_legacy_obb_data self:capability { chown dac_override dac_read_search fowner fsetid }; +allow migrate_legacy_obb_data mnt_user_file:dir search; +allow migrate_legacy_obb_data mnt_user_file:lnk_file read; +allow migrate_legacy_obb_data storage_file:dir search; +allow migrate_legacy_obb_data storage_file:lnk_file read; + +allow migrate_legacy_obb_data sdcard_type:dir create_dir_perms; +allow migrate_legacy_obb_data sdcard_type:file create_file_perms; + # TODO: This should not be necessary. We don't deliberately hand over # any open file descriptors to this domain, so anything that triggers this # should be a candidate for O_CLOEXEC. |