From b8ef2b0297ca112846cb7ed27b78ba7137f20076 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Tue, 10 Feb 2015 17:10:05 -0800
Subject: [PATCH] fix "Unable to add user's profile photo id."

Commit a833763ba04147e840fd054b613f759395bada35 enabled per-user isolation, which requires that any files / processes which cross user boundaries be marked with the mlstrustedsubject attribute. system_app_data_file, used for storing a user's profile photos, is not marked as such. As a result, users are unable to add profile photos. Addresses the following denial: avc: denied { write } for path="/data/data/com.android.settings/cache/TakeEditUserPhoto2.jpg" dev="mmcblk0p28" ino=82184 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:system_app_data_file:s0 tclass=file Steps to reproduce: 1.Flash & Factory the Deb device with tip-of-tree build 2.Go to 'Settings-Users' 3.Under users&profiles,click on Owner to add profile photo. 4.Select 'Choose photo from Gallery' and select a photo. 5.Then click the 'Done' button. 6.Device showed the message as 'Unable to save the photo edits'. OBSERVED RESULTS: Unable to add user's profile photo id. This issue is coming for all users(Restricted user,second user)also. EXPECTED RESULTS: Device should allow to add profile photo id. Bug: 19170844 Change-Id: If657dc09dd391e63ca85320f9cc1728580e51a15
---
 file.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/file.te b/file.te
index 9ec6a20be..ae1079c4f 100644
--- a/file.te
+++ b/file.te
@@ -104,7 +104,7 @@ typealias audio_data_file alias audio_firmware_file;
 # /data/data subdirectories - app sandboxes
 type app_data_file, file_type, data_file_type;
 # /data/data subdirectory for system UID apps.
-type system_app_data_file, file_type, data_file_type;
+type system_app_data_file, file_type, data_file_type, mlstrustedobject;
 # Compatibility with type name used in Android 4.3 and 4.4.
 typealias app_data_file alias platform_app_data_file;
 typealias app_data_file alias download_file;
-- 
GitLab
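Review bot: The `mlstrustedobject` attribute on the new `type system_app_data_file` line applies to every file labeled with that type, while the denial being fixed concerns one cache file under com.android.settings, and the comment above the declaration still says only "/data/data subdirectory for system UID apps." Assuming the attribute exempts its objects from the per-user MLS checks, as the description implies, cross-user access to all system-UID app data is then limited by type-enforcement allow rules alone, so it is worth confirming that no allow rule on this type is broader than intended. I would record the reason next to the declaration, for example `# mlstrustedobject: system UID apps hand files (e.g. profile photo edits) to apps running as other users; MLS is bypassed for this type, TE rules are the only restriction.` The description names `mlstrustedsubject`, whereas the line adds `mlstrustedobject`; the comment should use the latter.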