From 4e6655b5d88d8038611cedab7f922ca3f4f1a67d Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Sun, 28 Aug 2016 12:45:03 -0700
Subject: [PATCH] isolated_app: grant append on app_data_file

isolated_app can already write to a file. Apps may want to append
instead of write.

Fixes: 30984610
Change-Id: I7a90b3311dcaff597f07930ceea0a23b29b0df2d
---
 isolated_app.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/isolated_app.te b/isolated_app.te
index 53dfbc483..14e7f293d 100644
--- a/isolated_app.te
+++ b/isolated_app.te
@@ -13,7 +13,7 @@ type isolated_app, domain;
 app_domain(isolated_app)
 
 # Access already open app data files received over Binder or local socket IPC.
-allow isolated_app app_data_file:file { read write getattr lock };
+allow isolated_app app_data_file:file { append read write getattr lock };
 
 allow isolated_app activity_service:service_manager find;
 allow isolated_app display_service:service_manager find;
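Review bot: The comment above the changed `allow` line explains that these are descriptors received over IPC, but it does not record that `open` is left out on purpose or why `append` now sits beside `write`. I would extend it with something like `# append is needed for descriptors opened with O_APPEND; open is deliberately not granted, so only passed-in fds are usable.` Because `write` is granted in the same set, an O_APPEND descriptor handed to isolated_app should not be treated as an append-only guarantee. As far as I know, SELinux checks `write` when a process clears O_APPEND via fcntl, and this domain would pass that check. Whether a `neverallow` already pins the missing `open` is not visible in this hunk; if none exists, adding one would keep the restriction from eroding silently.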
-- 
GitLab