Skip to content
Snippets Groups Projects
Commit 15da30b6 authored by Calin Juravle's avatar Calin Juravle
Browse files

Allow system server to open profiles 

Allow system_server to open profile snapshots for read.
System server never reads the actual content. It passes the descriptor to
to privileged apps which acquire the permissions to inspect the profiles.

Test: installd_dexopt_test
Bug: 30934496
Change-Id: I1d1f07a05261af25f6640040af1500c9a4d5b8d5
parent 4081fd39
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
private/system_server.te
+ 7
0
View file @ 15da30b6
...@@ -720,6 +720,13 @@ with_asan(` ...@@ -720,6 +720,13 @@ with_asan(`
allow system_server zygote_exec:file rx_file_perms; allow system_server zygote_exec:file rx_file_perms;
') ')
# ART Profiles.
# Allow system_server to open profile snapshots for read.
# System server never reads the actual content. It passes the descriptor to
# to privileged apps which acquire the permissions to inspect the profiles.
allow system_server user_profile_data_file:dir { search };
allow system_server user_profile_data_file:file { open read };
### ###
### Neverallow rules ### Neverallow rules
### ###
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment