From 480374e4d082238a71773f29483c5d24ad8b3f6d Mon Sep 17 00:00:00 2001 From: Nick Kralevich <nnk@google.com> Date: Thu, 16 Oct 2014 15:00:19 -0700 Subject: [PATCH] Fix compile time / CTS gps_data_files neverallow assertion Currently, zygote spawned apps are prohibited from modifying GPS data files. If someone tries to allow GPS access to any app domain, it generates a compile time / CTS exception. Relax the rules slightly for system_app. These apps run with UID=system, and shouldn't be banned from handling gps data files. This change doesn't add or remove any SELinux rules. Rather, it just relaxes a compile time assertion, allow partners to create SELinux rules allowing the access if they desire. Bug: 18021422 Change-Id: Iad0c6a3627efe129246e2c817f6f71d2735eba93 --- app.te | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/app.te b/app.te index b3082fbc3..b9027fe90 100644 --- a/app.te +++ b/app.te @@ -298,7 +298,8 @@ neverallow { appdomain -system_app } # Write to various other parts of /data. neverallow appdomain drm_data_file:dir_file_class_set { create write setattr relabelfrom relabelto append unlink link rename }; -neverallow appdomain gps_data_file:dir_file_class_set +neverallow { appdomain -system_app } + gps_data_file:dir_file_class_set { create write setattr relabelfrom relabelto append unlink link rename }; neverallow { appdomain -platform_app } apk_data_file:dir_file_class_set -- GitLab
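Review bot: The new `{ appdomain -system_app }` exemption on the gps_data_file assertion covers the whole permission set, including relabelfrom and relabelto, while the commit message only argues that system apps should not be banned from handling GPS data files. Consider keeping a separate `neverallow appdomain gps_data_file:dir_file_class_set { relabelfrom relabelto };` and applying the system_app exemption only to the remaining permissions, so that a partner rule letting system_app relabel these files still trips the compile time / CTS check. The rule also carries no comment explaining the exemption: the existing comment above the block ("Write to various other parts of /data.") does not cover it, so a line noting that system_app runs with UID=system, with a reference to bug 18021422, would keep the reason next to the rule.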