Skip to content
Snippets Groups Projects
Commit 29d0d406 authored by Geremy Condra's avatar Geremy Condra
Browse files

Add the ability to write shell files to the untrusted_app domain. 

Bug: 10290009
Change-Id: Ic794299261672b36a2b630893b65ab176c3eee6b
(cherry picked from commit eaa4e844e4c8549c9b4808a1272876a6995ca5a7)
parent ab7dfabb
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 4 additions and 1 deletion
untrusted_app.te
+ 4
1
View file @ 29d0d406
...@@ -44,5 +44,8 @@ allow untrusted_app devpts:chr_file rw_file_perms; ...@@ -44,5 +44,8 @@ allow untrusted_app devpts:chr_file rw_file_perms;
# running "adb install foo.apk". # running "adb install foo.apk".
# TODO: Long term, we don't want apps probing into shell data files. # TODO: Long term, we don't want apps probing into shell data files.
# Figure out a way to remove these rules. # Figure out a way to remove these rules.
allow untrusted_app shell_data_file:file r_file_perms; # XXX Adding writing to shell_data_file to fix 10290009; this needs a real fix,
# as allowing apps to write shell data files is a significant possible security
# vuln
allow untrusted_app shell_data_file:file rw_file_perms;
allow untrusted_app shell_data_file:dir r_dir_perms; allow untrusted_app shell_data_file:dir r_dir_perms;
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment