allow apps to read the contents of mounted OBBs

Apps should be able to read the contents of mounted OBBs. Steps to reproduce: 1) Install com.namcobandaigames.soulcaliburgp (SoulCalibur) 2) Attempt to run the app. Expected: App runs successfully. Actual: App crashes. See denials below. This can also be reproduced by running the newly introduced CTS test in I2018b63b0236ce6b5aee4094e40473315b1948c3 Addresses the following denials: avc: denied { read } for pid=4133 comm="roidJUnitRunner" name="test1.txt" dev="loop0" ino=23 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:vfat:s0 tclass=file avc: denied { open } for pid=4133 comm="roidJUnitRunner" name="test1.txt" dev="loop0" ino=23 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:vfat:s0 tclass=file avc: denied { getattr } for pid=4133 comm="roidJUnitRunner" path="/mnt/obb/f73da56689d166b5389d49ad31ecbadb/test1.txt" dev="loop0" ino=23 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:vfat:s0 tclass=file avc: denied { search } for name="/" dev="loop0" ino=1 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:vfat:s0 tclass=dir permissive=0 (cherrypick of commit 62083414) Bug: 17633509 Change-Id: I49b722b24c1c7d9ab084ebee7c1e349d8d660ffa

allow apps to read the contents of mounted OBBs
826bc5d6 · Nick Kralevich · 4635b26f · 826bc5d6
Commit 826bc5d6 authored 10 years ago by Nick Kralevich
--- a/app.te
+++ b/app.te
@@ -122,6 +122,10 @@ allow untrusted_app system_app_data_file:file { read write getattr };
 allow appdomain fuse:dir create_dir_perms;
 allow appdomain fuse:file create_file_perms;

+# Access OBBs (vfat images) mounted by vold (b/17633509)
+allow appdomain vfat:dir r_dir_perms;
+allow appdomain vfat:file r_file_perms;
+
 # Allow apps to use the USB Accessory interface.
 # http://developer.android.com/guide/topics/connectivity/usb/accessory.html
 #