Skip to content
Snippets Groups Projects
Commit 291fecab authored by Daniel Rosenberg's avatar Daniel Rosenberg Committed by android-build-merger
Browse files

Move sdcardfs media_rw_data_file rules to app.te am: 2a0053b2 am: 6ea1ad51 am: 506c7c1b

am: 3e6f1f86

Change-Id: I2e50b7fdccdcc3440431d0975d2a62524ada7926
parents bbc16562 3e6f1f86
No related branches found
No related tags found
No related merge requests found
......@@ -188,6 +188,10 @@ allow { appdomain -isolated_app } fuse:dir create_dir_perms;
allow { appdomain -isolated_app } fuse:file create_file_perms;
allow { appdomain -isolated_app } sdcardfs:dir create_dir_perms;
allow { appdomain -isolated_app } sdcardfs:file create_file_perms;
# This should be removed if sdcardfs is modified to alter the secontext for its
# accesses to the underlying FS.
allow { appdomain -isolated_app } media_rw_data_file:dir create_dir_perms;
allow { appdomain -isolated_app } media_rw_data_file:file create_file_perms;
# Access OBBs (vfat images) mounted by vold (b/17633509)
# File write access allowed for FDs returned through Storage Access Framework
......
......@@ -58,12 +58,6 @@ unix_socket_connect(bluetooth, sap_uim, rild)
# /data/data/com.android.shell/files/bugreports/bugreport-*.
allow bluetooth shell_data_file:file read;
# Access to /data/media.
# This should be removed if sdcardfs is modified to alter the secontext for its
# accesses to the underlying FS.
allow bluetooth media_rw_data_file:dir create_dir_perms;
allow bluetooth media_rw_data_file:file create_file_perms;
###
### Neverallow rules
###
......
......@@ -129,12 +129,6 @@ allow shell sysfs:dir r_dir_perms;
# Allow access to ion memory allocation device.
allow shell ion_device:chr_file rw_file_perms;
# Access to /data/media.
# This should be removed if sdcardfs is modified to alter the secontext for its
# accesses to the underlying FS.
allow shell media_rw_data_file:dir create_dir_perms;
allow shell media_rw_data_file:file create_file_perms;
#
# filesystem test for insecure chr_file's is done
# via a host side test
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment