From a949ddb5cebafcf134095aca94b6e6ce7e9d24e6 Mon Sep 17 00:00:00 2001
From: Max Bires <jbires@google.com>
Date: Wed, 14 Mar 2018 20:44:50 +0000
Subject: [PATCH] Merge "Adding ability for priv apps to read traceur fd" am:
 8966b8e53d

Bug: 74435522
Test: traceur can share to betterbug
Change-Id: Ic24196b6a4050696d92f18a6879c569ccf5eaec7
(cherry picked from commit f66fd5226f41b998155de2fba2550d0c6b48a406)
---
 private/priv_app.te | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/private/priv_app.te b/private/priv_app.te
index 709bc7bdb..0841c41f6 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -58,6 +58,9 @@ allow priv_app media_rw_data_file:file create_file_perms;
 allow priv_app shell_data_file:file r_file_perms;
 allow priv_app shell_data_file:dir r_dir_perms;
 
+# Allow traceur to pass file descriptors through a content provider to betterbug
+allow priv_app trace_data_file:file { getattr read };
+
 # Allow verifier to access staged apks.
 allow priv_app { apk_tmp_file apk_private_tmp_file }:dir r_dir_perms;
 allow priv_app { apk_tmp_file apk_private_tmp_file }:file r_file_perms;
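Review bot: The comment above the new allow rule on line 24 names traceur, but the rule is granted to the whole priv_app domain: any priv_app that receives a trace_data_file descriptor may read it, and nothing in this hunk itself stops priv_app from opening such files directly — that restriction depends on a neverallow elsewhere in the file. The comment should say what this rule actually grants and what it relies on, e.g. `# Allow priv_app to read a trace_data_file fd that traceur hands it via a content provider (no open; see the trace_data_file neverallow below)`. Since `read` alone on an fd-backed file is the intended surface, it may also be worth keeping `map` out of this set deliberately and saying so, so a later "convenience" widening to r_file_perms is caught in review.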
@@ -194,3 +197,8 @@ neverallow priv_app mlstrustedsubject:process fork;
 # bugs, so we want to ensure priv_app never has this
 # capability.
 neverallow priv_app file_type:file link;
+
+# priv apps should not be able to open trace data files, they should depend
+# upon traceur to pass a file descriptor which they can then read
+neverallow priv_app trace_data_file:dir *;
+neverallow priv_app trace_data_file:file { no_w_file_perms open };
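Review bot: The file neverallow on line 37 blocks `open` plus the write-style permissions, but as far as I can tell `no_w_file_perms` does not cover `map`, `ioctl` or `lock`, so a future allow rule could let priv_app mmap or ioctl a passed trace fd without tripping this assertion. If read-only consumption of the passed descriptor is the intended contract, consider `neverallow priv_app trace_data_file:file { no_w_file_perms open map ioctl };` so the policy build enforces it rather than only the current allow set. Note also that neverallow is a build-time assertion, not a runtime denial: it only guarantees no allow rule grants these permissions, so the comment on lines 34-35 could state that explicitly.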
-- 
GitLab