From 29d0d40668e686adc91cdfbf0d083e71ed82bac6 Mon Sep 17 00:00:00 2001
From: Geremy Condra <gcondra@google.com>
Date: Fri, 16 Aug 2013 15:51:21 -0700
Subject: [PATCH] Add the ability to write shell files to the untrusted_app
 domain.

Bug: 10290009
Change-Id: Ic794299261672b36a2b630893b65ab176c3eee6b
(cherry picked from commit eaa4e844e4c8549c9b4808a1272876a6995ca5a7)
---
 untrusted_app.te | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/untrusted_app.te b/untrusted_app.te
index c91543ed8..b112636ff 100644
--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -44,5 +44,8 @@ allow untrusted_app devpts:chr_file rw_file_perms;
 # running "adb install foo.apk".
 # TODO: Long term, we don't want apps probing into shell data files.
 # Figure out a way to remove these rules.
-allow untrusted_app shell_data_file:file r_file_perms;
+# XXX Adding writing to shell_data_file to fix 10290009; this needs a real fix,
+# as allowing apps to write shell data files is a significant possible security
+# vuln
+allow untrusted_app shell_data_file:file rw_file_perms;
 allow untrusted_app shell_data_file:dir r_dir_perms;
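Review bot: The new `allow untrusted_app shell_data_file:file rw_file_perms;` line lets every third-party app modify any existing shell-labelled file that DAC permissions do not protect, and neither the commit message nor the XXX comment says which operation actually needs write access. Please name that operation in the comment so the rule can be narrowed or removed later, e.g. `# TODO(b/10290009): write needed only for <operation>; remove once <real fix> lands`. Since the directory rule stays at `r_dir_perms`, apps presumably cannot create or unlink files here, which is worth stating in the comment as an intentional limit. Adding `auditallow untrusted_app shell_data_file:file { write append };` next to the rule would log which apps actually exercise the new permission and give data for tightening it.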
-- 
GitLab