From 711895db2897bc5d001899eb5e0f931c79a1ad3f Mon Sep 17 00:00:00 2001
From: dcashman <dcashman@google.com>
Date: Wed, 27 Aug 2014 10:14:18 -0700
Subject: [PATCH] Allow appdomain read perms on apk_data_files.

Address:
type=1400 audit(0.0:103): avc: denied { read } for name="arm" dev="mmcblk0p28" ino=195471 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:apk_data_file:s0 tclass=dir

Bug: 16204150
Change-Id: I8bf0172b26b780c110c0d95c691785143acd7dd2
---
 app.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app.te b/app.te
index e24215249..3439c95ef 100644
--- a/app.te
+++ b/app.te
@@ -142,6 +142,7 @@ allow appdomain shared_relro_file:dir search;
 allow appdomain shared_relro_file:file r_file_perms;
 
 # Allow apps to read/execute installed binaries
+allow appdomain apk_data_file:dir r_dir_perms;
 allow appdomain apk_data_file:file { rx_file_perms execmod };
 
 # /data/resource-cache
-- 
GitLab