Temporarily allow untrusted apps to read shell data files.

This is needed to support "Verify App" functionality. During side loading, the Verify App functionality reads the APK to determine if it's safe to install. Bug: 9863154 Change-Id: I33f6b0fd012f6cb194e253d5d92cf6189d6aa222

Temporarily allow untrusted apps to read shell data files.
8a2ebe34 · Nick Kralevich · 0b5b4faf · 8a2ebe34
Commit 8a2ebe34 authored 11 years ago by Nick Kralevich
--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -35,3 +35,10 @@ allow untrusted_app self:{ tcp_socket udp_socket } create_socket_perms;
 # Allow the allocation and use of ptys
 # Used by: https://play.google.com/store/apps/details?id=jackpal.androidterm
 allow untrusted_app devpts:chr_file rw_file_perms;
+
+# Used by Finsky / Android "Verify Apps" functionality when
+# running "adb install foo.apk".
+# TODO: Long term, we don't want apps probing into shell data files.
+# Figure out a way to remove these rules.
+allow untrusted_app shell_data_file:file r_file_perms;
+allow untrusted_app shell_data_file:dir r_dir_perms;