Merge "Allow untrusted apps to read apks" into oc-mr1-dev am: 420be61f

am: d6d35b2a Change-Id: Icf0c6e855942e926d66c19ce05290946ef0ae51a

Merge "Allow untrusted apps to read apks" into oc-mr1-dev am: 420be61f
bc996c5a · Philip P. Moltmann · android-build-merger · 620b0a63 · d6d35b2a · bc996c5a
Commit bc996c5a authored 7 years ago by Philip P. Moltmann Committed by android-build-merger 7 years ago
--- a/private/app.te
+++ b/private/app.te
@@ -474,9 +474,12 @@ neverallow appdomain
    { create write setattr relabelfrom relabelto append unlink link rename };

 # access tmp apk files
-neverallow { appdomain -platform_app -priv_app }
+neverallow { appdomain -untrusted_app_all -platform_app -priv_app }
    { apk_tmp_file apk_private_tmp_file }:dir_file_class_set *;

+neverallow untrusted_app_all { apk_tmp_file apk_private_tmp_file }:{ devfile_class_set dir fifo_file lnk_file sock_file } *;
+neverallow untrusted_app_all { apk_tmp_file apk_private_tmp_file }:file ~{ getattr read };
+
 # Access to factory files.
 neverallow appdomain efs_file:dir_file_class_set write;
 neverallow { appdomain -shell } efs_file:dir_file_class_set read;

--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te
@@ -41,6 +41,9 @@ allow untrusted_app_all asec_public_file:file { execute execmod };
 allow untrusted_app_all shell_data_file:file r_file_perms;
 allow untrusted_app_all shell_data_file:dir r_dir_perms;

+# Allow to read staged apks.
+allow untrusted_app_all { apk_tmp_file apk_private_tmp_file }:file {read getattr};
+
 # Read and write system app data files passed over Binder.
 # Motivating case was /data/data/com.android.settings/cache/*.jpg for
 # cropping or taking user photos.