diff --git a/app.te b/app.te
index c670c9dd818a8ddbad8c55da64bf9421a8e7a239..c8009dc52fbb4eb5b714e90d2c764d3157a94556 100644
--- a/app.te
+++ b/app.te
@@ -344,6 +344,10 @@ neverallow appdomain
 dhcp_data_file:dir_file_class_set
 { create write setattr relabelfrom relabelto append unlink link rename };
 
+# access tmp apk files
+neverallow { appdomain -platform_app -priv_app }
+ { apk_tmp_file apk_private_tmp_file }:dir_file_class_set *;
+
 # Access to factory files.
 neverallow appdomain efs_file:dir_file_class_set write;
 neverallow { appdomain -shell } efs_file:dir_file_class_set read;
diff --git a/untrusted_app.te b/untrusted_app.te
index fc9af41c20c9279561cedb508e819fe435469b32..bfba08a2345a36344664dc7838bfd621bbf63b3d 100644
--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -80,10 +80,6 @@ allow untrusted_app radio_service:service_manager find;
 allow untrusted_app surfaceflinger_service:service_manager find;
 allow untrusted_app app_api_service:service_manager find;
 
-# Allow verifier to access staged apks.
-allow untrusted_app { apk_tmp_file apk_private_tmp_file }:dir r_dir_perms;
-allow untrusted_app { apk_tmp_file apk_private_tmp_file }:file r_file_perms;
-
 # Allow GMS core to access perfprofd output, which is stored
 # in /data/misc/perfprofd/. GMS core will need to list all
 # data stored in that directory to process them one by one.
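Review bot: The comment on the new neverallow in app.te, `# access tmp apk files`, reads like a grant rather than a prohibition and does not say why platform_app and priv_app are the only exempt domains. Something like `# Staged (not yet installed) APKs are off-limits to every app domain except platform_app and priv_app.` would match the style of the neighbouring `# Access to factory files.` comment and state the rule's intent. The comment removed from untrusted_app.te suggests package verifiers were the readers, so presumably they are expected to run as priv_app now; that is worth confirming and recording here. Because the rule uses `*` over `dir_file_class_set`, it also forbids getattr and search for the remaining appdomain members (shell and system_app among them, if they carry that attribute), so it would help to note that this breadth is deliberate.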