Allow installd to chown/chmod app data files.

Addresses denials such as: avc: denied { setattr } for comm="installd" name="com.android.calendar_preferences_no_backup.xml" dev="mmcblk0p28" ino=1499393 scontext=u:r:installd:s0 tcontext=u:object_r:app_data_file:s0 tclass=file avc: denied { setattr } for comm="installd" name="calendar_alerts.xml" dev="mmcblk0p28" ino=1499463 scontext=u:r:installd:s0 tcontext=u:object_r:app_data_file:s0 tclass=file avc: denied { setattr } for comm="installd" name="_has_set_default_values.xml" dev="mmcblk0p28" ino=1499428 scontext=u:r:installd:s0 tcontext=u:object_r:app_data_file:s0 tclass=file Change-Id: I0622f1a9d2b10e28be2616f91edf33bc048b4ac7 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Allow installd to chown/chmod app data files.
89b9ff7e · Stephen Smalley · 42fb824c · 89b9ff7e
Commit 89b9ff7e authored 10 years ago by Stephen Smalley
--- a/installd.te
+++ b/installd.te
@@ -70,4 +70,4 @@ allow installd system_data_file:notdevfile_class_set { getattr relabelfrom unlin
 # Types extracted from seapp_contexts type= fields.
 allow installd { system_app_data_file bluetooth_data_file nfc_data_file radio_data_file shell_data_file app_data_file }:dir { create_dir_perms relabelfrom relabelto };
 allow installd { system_app_data_file bluetooth_data_file nfc_data_file radio_data_file shell_data_file app_data_file }:lnk_file { create setattr getattr unlink rename relabelfrom relabelto };
-allow installd { system_app_data_file bluetooth_data_file nfc_data_file radio_data_file shell_data_file app_data_file }:{ file sock_file fifo_file } { getattr unlink rename relabelfrom relabelto };
+allow installd { system_app_data_file bluetooth_data_file nfc_data_file radio_data_file shell_data_file app_data_file }:{ file sock_file fifo_file } { getattr unlink rename relabelfrom relabelto setattr };