Skip to content
Snippets Groups Projects
Commit c69bb0fe authored by Daniel Rosenberg's avatar Daniel Rosenberg Committed by android-build-merger
Browse files

isolated_app.te: Give permissions for using sdcardfs am: 02bf4aad 

am: e7bacff2

Change-Id: Ie6a0335e4c4c80dcb410681654ab7ae1aad1ee8d
parents c1a10d44 e7bacff2
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 4 additions and 2 deletions
public/isolated_app.te
+ 4
2
View file @ c69bb0fe
...@@ -30,8 +30,10 @@ allow isolated_app self:process ptrace; ...@@ -30,8 +30,10 @@ allow isolated_app self:process ptrace;
# neverallow rules below. # neverallow rules below.
# TODO: consider removing write/append. We want to limit isolated_apps # TODO: consider removing write/append. We want to limit isolated_apps
# ability to mutate files of any type. # ability to mutate files of any type.
allow isolated_app sdcard_type:file { read write append getattr lock }; # media_rw_data_file is included for sdcardfs, and can be removed if sdcardfs
auditallow isolated_app sdcard_type:file { write append }; # is modified to change the secontext when accessing the lower filesystem.
allow isolated_app { sdcard_type media_rw_data_file }:file { read write append getattr lock };
auditallow isolated_app { sdcard_type media_rw_data_file }:file { write append };
# For webviews, isolated_app processes can be forked from the webview_zygote # For webviews, isolated_app processes can be forked from the webview_zygote
# in addition to the zygote. Allow access to resources inherited from the # in addition to the zygote. Allow access to resources inherited from the
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment