From 8be3e77986e573751cb74634f58c4fbacb0bcd11 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Thu, 5 Mar 2015 15:40:04 -0800
Subject: [PATCH] move untrusted_app statement to the correct file.

Change-Id: I5ae9606023ef7f3489f44e6657766e922160c470
---
 app.te           | 5 -----
 untrusted_app.te | 5 +++++
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/app.te b/app.te
index 89c81cf89..40ec61079 100644
--- a/app.te
+++ b/app.te
@@ -119,11 +119,6 @@ allow appdomain media_rw_data_file:file { read getattr };
 # Read and write /data/data/com.android.providers.telephony files passed over Binder.
 allow appdomain radio_data_file:file { read write getattr };
 
-# Read and write system app data files passed over Binder.
-# Motivating case was /data/data/com.android.settings/cache/*.jpg for
-# cropping or taking user photos.
-allow untrusted_app system_app_data_file:file { read write getattr };
-
 # Access SDcard via the fuse mount.
 allow appdomain fuse:dir create_dir_perms;
 allow appdomain fuse:file create_file_perms;
diff --git a/untrusted_app.te b/untrusted_app.te
index 91cb46ac6..92d2cf40b 100644
--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -47,6 +47,11 @@ create_pty(untrusted_app)
 allow untrusted_app shell_data_file:file r_file_perms;
 allow untrusted_app shell_data_file:dir r_dir_perms;
 
+# Read and write system app data files passed over Binder.
+# Motivating case was /data/data/com.android.settings/cache/*.jpg for
+# cropping or taking user photos.
+allow untrusted_app system_app_data_file:file { read write getattr };
+
 #
 # Rules migrated from old app domains coalesced into untrusted_app.
 # This includes what used to be media_app, shared_app, and release_app.
-- 
GitLab