From 8a2ebe3477837b21b728135cd8780ffd528696af Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Mon, 15 Jul 2013 15:48:34 -0700
Subject: [PATCH] Temporarily allow untrusted apps to read shell data files.

This is needed to support "Verify App" functionality.
During side loading, the Verify App functionality reads the APK
to determine if it's safe to install.

Bug: 9863154
Change-Id: I33f6b0fd012f6cb194e253d5d92cf6189d6aa222
---
 untrusted_app.te | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/untrusted_app.te b/untrusted_app.te
index 746d0a46a..5b03280f2 100644
--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -35,3 +35,10 @@ allow untrusted_app self:{ tcp_socket udp_socket } create_socket_perms;
 # Allow the allocation and use of ptys
 # Used by: https://play.google.com/store/apps/details?id=jackpal.androidterm
 allow untrusted_app devpts:chr_file rw_file_perms;
+
+# Used by Finsky / Android "Verify Apps" functionality when
+# running "adb install foo.apk".
+# TODO: Long term, we don't want apps probing into shell data files.
+# Figure out a way to remove these rules.
+allow untrusted_app shell_data_file:file r_file_perms;
+allow untrusted_app shell_data_file:dir r_dir_perms;
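Review bot: The two added `allow` rules apply to the whole `untrusted_app` domain, so every third-party app passes the SELinux check for reading and listing anything labeled `shell_data_file`, not only the verifier named in the comment. Only DAC permissions would still limit access, and those are not visible in this hunk. If the verifier can be handed an already-open descriptor for the APK, the grant could presumably be narrowed to `allow untrusted_app shell_data_file:file { read getattr };` with the directory rule dropped. Failing that, tie the TODO to the tracking bug from the commit message so the temporary grant has an owner: `# TODO(b/9863154): remove once Verify Apps no longer reads shell data files directly.`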
-- 
GitLab