Adding permission for traceur to use content provider

This change will allow traceur to pass a file descriptor to another app in order to allow that app to process trace data files. E.g. in the use case that someone would like to email the traces they collected and pass the trace data files to gmail, this will now be permitted. Bug:68126425 Test: Traceur can pass fd's to untrusted apps for processing Change-Id: If0507b5d1f06fd8400e04bd60e06a44153dc59b7

Adding permission for traceur to use content provider
278147eb · Max Bires · d35399ff · 278147eb
Commit 278147eb authored 7 years ago by Max Bires
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te
@@ -41,6 +41,15 @@ allow untrusted_app_all asec_public_file:file { execute execmod };
 allow untrusted_app_all shell_data_file:file r_file_perms;
 allow untrusted_app_all shell_data_file:dir r_dir_perms;

+# Allow traceur to pass file descriptors through a content provider to untrusted apps
+# for the purpose of sharing files through e.g. gmail
+allow untrusted_app_all trace_data_file:file { getattr read };
+
+# untrusted apps should not be able to open trace data files, they should depend
+# upon traceur to pass a file descriptor
+neverallow untrusted_app_all trace_data_file:dir *;
+neverallow untrusted_app_all trace_data_file:file { no_w_file_perms open };
+
 # Allow to read staged apks.
 allow untrusted_app_all { apk_tmp_file apk_private_tmp_file }:file {read getattr};