Skip to content
Snippets Groups Projects
Normal view Permalink
profman.te 583 B
Newer Older
  • Learn to ignore specific revisions
    • Calin Juravle's avatar
    Update permissions for the dedicated profile folders
    Calin Juravle committed
    1 2 3 4 
    # profman
type profman, domain;
type profman_exec, exec_type, file_type;
    Calin Juravle's avatar
    Give profman getattr rights on profiles.  
    Calin Juravle committed
    5 
    allow profman user_profile_data_file:file { getattr read write lock };
    Calin Juravle's avatar
    Update permissions for the dedicated profile folders
    Calin Juravle committed
    6
    David Sehr's avatar
    Enable profman pretty printing  
    David Sehr committed
    7 8 9 10 11 12 
    # Dumping profile info opens the application APK file for pretty printing.
allow profman asec_apk_file:file { read };
allow profman apk_data_file:file { read };
allow profman oemfs:file { read };
# Reading an APK opens a ZipArchive, which unpack to tmpfs.
allow profman tmpfs:file { read };
    David Sehr's avatar
    SELinux policy for /data/misc/profman  
    David Sehr committed
    13 14 
    allow profman profman_dump_data_file:file { write };
    Calin Juravle's avatar
    Update permissions for the dedicated profile folders
    Calin Juravle committed
    15 16 17 
    allow profman installd:fd use;

neverallow profman app_data_file:notdevfile_class_set open;