From 4c7044e0b1f0092d3334200d3817528600be323d Mon Sep 17 00:00:00 2001
From: Daichi Hirono <hirono@google.com>
Date: Wed, 9 Nov 2016 15:27:59 +0900
Subject: [PATCH] Allow apps to search appfuse mount point and open a file on
 appfuse mount point.

Bug: 29970149
Test: None
Change-Id: I59f49f3bf20d93effde5e1a9a3c1ed64fbecb7a8
---
 public/app.te      | 3 ++-
 public/priv_app.te | 2 --
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/public/app.te b/public/app.te
index fe9ad52ee..a443bbce0 100644
--- a/public/app.te
+++ b/public/app.te
@@ -249,7 +249,8 @@ allow { appdomain -isolated_app } hal_graphics_allocator:fd use;
 allow appdomain proc_meminfo:file r_file_perms;
 
 # For app fuse.
-allow appdomain app_fuse_file:file { getattr read append write };
+allow appdomain app_fuse_file:dir rw_dir_perms;
+allow appdomain app_fuse_file:file rw_file_perms;
 
 ###
 ### CTS-specific rules
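Review bot: The added `allow appdomain app_fuse_file:dir rw_dir_perms;` grants more than the subject line describes, since `rw_dir_perms` includes `write`, `add_name` and `remove_name`, while searching the mount point and opening a file on it needs only search/read on the directory. Unless apps are meant to create or unlink entries on the appfuse mount, `allow appdomain app_fuse_file:dir r_dir_perms;` (or just `search`) would keep this to least privilege. Both new rules also cover every domain in `appdomain`, including `isolated_app`, whereas the rule in the hunk header is scoped to `{ appdomain -isolated_app }`. It is worth confirming that isolated apps need directory and `open` access here, and not just use of already-opened descriptors. With `Test: None` in the commit message, a comment such as `# For app fuse: apps search the mount point and open files on it (b/29970149).` would record the intended scope for later audits.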
diff --git a/public/priv_app.te b/public/priv_app.te
index 04a050936..17b19cdde 100644
--- a/public/priv_app.te
+++ b/public/priv_app.te
@@ -79,8 +79,6 @@ allow priv_app exec_type:file { getattr read open };
 # For AppFuse.
 allow priv_app vold:fd use;
 allow priv_app fuse_device:chr_file { read write };
-allow priv_app app_fuse_file:dir rw_dir_perms;
-allow priv_app app_fuse_file:file rw_file_perms;
 
 # /sys and /proc access
 r_dir_file(priv_app, sysfs_type)
-- 
GitLab