Fix compile time / CTS gps_data_files neverallow assertion

Currently, zygote spawned apps are prohibited from modifying GPS data files. If someone tries to allow GPS access to any app domain, it generates a compile time / CTS exception. Relax the rules slightly for system_app. These apps run with UID=system, and shouldn't be banned from handling gps data files. This change doesn't add or remove any SELinux rules. Rather, it just relaxes a compile time assertion, allow partners to create SELinux rules allowing the access if they desire. Bug: 18021422 Change-Id: Iad0c6a3627efe129246e2c817f6f71d2735eba93

Fix compile time / CTS gps_data_files neverallow assertion
480374e4 · Nick Kralevich · 51bfecf4 · 480374e4
Commit 480374e4 authored 10 years ago by Nick Kralevich
--- a/app.te
+++ b/app.te
@@ -298,7 +298,8 @@ neverallow { appdomain -system_app }
 # Write to various other parts of /data.
 neverallow appdomain drm_data_file:dir_file_class_set
    { create write setattr relabelfrom relabelto append unlink link rename };
-neverallow appdomain gps_data_file:dir_file_class_set
+neverallow { appdomain -system_app }
+    gps_data_file:dir_file_class_set
    { create write setattr relabelfrom relabelto append unlink link rename };
 neverallow { appdomain -platform_app }
    apk_data_file:dir_file_class_set