Skip to content
Snippets Groups Projects
Commit a9bf59ca authored by Geremy Condra's avatar Geremy Condra Committed by The Android Automerger
Browse files

Add the ability to write shell files to the untrusted_app domain. 

Bug: 10290009
Change-Id: Ic794299261672b36a2b630893b65ab176c3eee6b
(cherry picked from commit eaa4e844e4c8549c9b4808a1272876a6995ca5a7)
parent 6db3c2d1
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 4 additions and 1 deletion
untrusted_app.te
+ 4
1
View file @ a9bf59ca
...@@ -44,5 +44,8 @@ allow untrusted_app devpts:chr_file rw_file_perms; ...@@ -44,5 +44,8 @@ allow untrusted_app devpts:chr_file rw_file_perms;
# running "adb install foo.apk". # running "adb install foo.apk".
# TODO: Long term, we don't want apps probing into shell data files. # TODO: Long term, we don't want apps probing into shell data files.
# Figure out a way to remove these rules. # Figure out a way to remove these rules.
allow untrusted_app shell_data_file:file r_file_perms; # XXX Adding writing to shell_data_file to fix 10290009; this needs a real fix,
# as allowing apps to write shell data files is a significant possible security
# vuln
allow untrusted_app shell_data_file:file rw_file_perms;
allow untrusted_app shell_data_file:dir r_dir_perms; allow untrusted_app shell_data_file:dir r_dir_perms;
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment