From 476c207840227aba998878179c7869a2c5ef5a7e Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Tue, 30 Sep 2014 11:12:55 -0400
Subject: [PATCH] Mark asec_apk_file as mlstrustedobject.

Resolves denials such as:
avc:  denied  { write } for  pid=1546 comm="Binder_1" name="/" dev="dm-0" ino=2 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:asec_apk_file:s0 tclass=dir

This is required to install a forward-locked app.

Change-Id: I2b37a56d087bff7baf82c738896d9563f0ab4fc4
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 file.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/file.te b/file.te
index 39b3d07ac..cc11677d6 100644
--- a/file.te
+++ b/file.te
@@ -111,7 +111,7 @@ type efs_file, file_type;
 # Type for wallpaper file.
 type wallpaper_file, file_type, mlstrustedobject;
 # /mnt/asec
-type asec_apk_file, file_type, data_file_type;
+type asec_apk_file, file_type, data_file_type, mlstrustedobject;
 # Elements of asec files (/mnt/asec) that are world readable
 type asec_public_file, file_type, data_file_type;
 # /data/app-asec
-- 
GitLab