From 89b9ff7e87a94128efba3e9f56fbd2d0dafa848a Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Wed, 11 Jun 2014 09:09:25 -0400
Subject: [PATCH] Allow installd to chown/chmod app data files.
Addresses denials such as:
avc: denied { setattr } for comm="installd" name="com.android.calendar_preferences_no_backup.xml" dev="mmcblk0p28" ino=1499393 scontext=u:r:installd:s0 tcontext=u:object_r:app_data_file:s0 tclass=file avc: denied { setattr } for comm="installd" name="calendar_alerts.xml" dev="mmcblk0p28" ino=1499463 scontext=u:r:installd:s0 tcontext=u:object_r:app_data_file:s0 tclass=file
avc: denied { setattr } for comm="installd" name="_has_set_default_values.xml" dev="mmcblk0p28" ino=1499428 scontext=u:r:installd:s0 tcontext=u:object_r:app_data_file:s0 tclass=file
Change-Id: I0622f1a9d2b10e28be2616f91edf33bc048b4ac7
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
installd.te | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/installd.te b/installd.te
index 90564d17d..586f4262c 100644
--- a/installd.te
+++ b/installd.te
@@ -70,4 +70,4 @@ allow installd system_data_file:notdevfile_class_set { getattr relabelfrom unlin
# Types extracted from seapp_contexts type= fields.
allow installd { system_app_data_file bluetooth_data_file nfc_data_file radio_data_file shell_data_file app_data_file }:dir { create_dir_perms relabelfrom relabelto };
allow installd { system_app_data_file bluetooth_data_file nfc_data_file radio_data_file shell_data_file app_data_file }:lnk_file { create setattr getattr unlink rename relabelfrom relabelto };
-allow installd { system_app_data_file bluetooth_data_file nfc_data_file radio_data_file shell_data_file app_data_file }:{ file sock_file fifo_file } { getattr unlink rename relabelfrom relabelto };
+allow installd { system_app_data_file bluetooth_data_file nfc_data_file radio_data_file shell_data_file app_data_file }:{ file sock_file fifo_file } { getattr unlink rename relabelfrom relabelto setattr };
--
GitLab