From 7ae1d23745c0a9d14bfa03d776bf0884decc5c49 Mon Sep 17 00:00:00 2001
From: Daichi Hirono <hirono@google.com>
Date: Mon, 5 Dec 2016 10:49:35 +0900
Subject: [PATCH] Don't open appfuse files in apps.

Previously we published appfuse mount points to apps, and apps opened
appfuse files by themselves. We changed the design so that apps are no
longer allowed to access the appfuse mount point. Instead, system server
opens a file on the appfuse mount point and passes the FD to apps.

The change updates apps and system server policies to adopt new design.

Bug: 29970149
Test: None
Change-Id: I0b35fee9816f61565705eecb88a472754ccffdca
---
 public/app.te           | 3 +--
 public/system_server.te | 2 ++
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/public/app.te b/public/app.te
index 370f5394b..57b76f172 100644
--- a/public/app.te
+++ b/public/app.te
@@ -252,8 +252,7 @@ allow { appdomain -isolated_app } hal_graphics_allocator:fd use;
 allow appdomain proc_meminfo:file r_file_perms;
 
 # For app fuse.
-allow appdomain app_fuse_file:dir rw_dir_perms;
-allow appdomain app_fuse_file:file rw_file_perms;
+allow appdomain app_fuse_file:file { getattr read append write };
 
 ###
 ### CTS-specific rules
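Review bot: The comment `# For app fuse.` above the new `allow appdomain app_fuse_file:file { getattr read append write };` rule does not say that `open` and all `dir` access are omitted on purpose. A later cleanup could swap the set back to `rw_file_perms` and silently restore direct access to the mount point. I would expand the comment to something like `# AppFuse: apps only use FDs opened by system_server; do not grant open or dir access here.` A companion `neverallow appdomain app_fuse_file:file open;` would make the build enforce the design, assuming no appdomain member still has to open these files itself, which this hunk does not show.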
diff --git a/public/system_server.te b/public/system_server.te
index f36fa9f1b..0e1b9c06b 100644
--- a/public/system_server.te
+++ b/public/system_server.te
@@ -559,6 +559,8 @@ userdebug_or_eng(`
 # For AppFuse.
 allow system_server vold:fd use;
 allow system_server fuse_device:chr_file { read write ioctl getattr };
+allow system_server app_fuse_file:dir rw_dir_perms;
+allow system_server app_fuse_file:file { read write open getattr append };
 
 # For configuring sdcardfs
 allow system_server configfs:dir { create_dir_perms };
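Review bot: `rw_dir_perms` on `app_fuse_file:dir` looks broader than the flow in the commit message needs. The file rule on the following line grants no `create` or `unlink`, so the directory-modifying permissions in that macro (`write`, `add_name`, `remove_name`) appear to have nothing to act on. If system_server only looks up and opens existing entries, `allow system_server app_fuse_file:dir r_dir_perms;` or just `search` would be the least-privilege form. Whether it also creates entries on the mount is not visible from this hunk. The commit records `Test: None`, so it is worth checking on a device that system_server can still open the file and hand over the FD, and that an app's direct `open` is denied.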
-- 
GitLab