Skip to content
Snippets Groups Projects
Commit 08f5e8b0 authored by Shubham Ajmera's avatar Shubham Ajmera Committed by android-build-merger
Browse files

Merge "Don't allow dexoptanalyzer to open app_data_files" 

am: daac339f

Change-Id: I8c2071e1ae30df73bea15cdf1a77925866f2f8a6
parents ae6b847b daac339f
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
private/dexoptanalyzer.te
+ 1
1
View file @ 08f5e8b0
...@@ -20,7 +20,7 @@ allow dexoptanalyzer installd:fd use; ...@@ -20,7 +20,7 @@ allow dexoptanalyzer installd:fd use;
# Allow reading secondary dex files that were reported by the app to the # Allow reading secondary dex files that were reported by the app to the
# package manager. # package manager.
allow dexoptanalyzer app_data_file:dir { getattr search }; allow dexoptanalyzer app_data_file:dir { getattr search };
allow dexoptanalyzer app_data_file:file r_file_perms; allow dexoptanalyzer app_data_file:file { getattr read };
# dexoptanalyzer calls access(2) with W_OK flag on app data. We can use the # dexoptanalyzer calls access(2) with W_OK flag on app data. We can use the
# "dontaudit...audit_access" policy line to suppress the audit access without # "dontaudit...audit_access" policy line to suppress the audit access without
# suppressing denial on actual access. # suppressing denial on actual access.
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment