allow untrusted_app read /data/anr/traces.txt

The GMS core feedback agent runs as untrusted_app, and needs the ability to read /data/anr/traces.txt to report ANR information. Allow all untrusted_apps to read /data/anr/traces.txt so that GMS core can access it. Longer term, we need to move GMS core into it's own domain, but that's a longer term change. Addresses the following denial: W/ndroid.feedback(17825): type=1400 audit(0.0:68004): avc: denied { read } for name="traces.txt" dev="mmcblk0p28" ino=325762 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:anr_data_file:s0 tclass=file Bug: 18504118 Bug: 18340553 Change-Id: Ia9fac599befc3a3b6e5282be15ec8fd04bb23385

allow untrusted_app read /data/anr/traces.txt
e2547c3b · Nick Kralevich · adbabeeb · e2547c3b
Commit e2547c3b authored 10 years ago by Nick Kralevich
--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -48,6 +48,14 @@ create_pty(untrusted_app)
 allow untrusted_app shell_data_file:file r_file_perms;
 allow untrusted_app shell_data_file:dir r_dir_perms;
+# b/18504118: Allow reads from /data/anr/traces.txt
+# TODO: We shouldn't be allowing all untrusted_apps to read
+# this file. This is only needed for the GMS feedback agent.
+# See also b/18340553. GMS runs as untrusted_app, and
+# it's too late to change the domain it runs in.
+# This line needs to be deleted.
+allow untrusted_app anr_data_file:file r_file_perms;
 #
 # Rules migrated from old app domains coalesced into untrusted_app.
 # This includes what used to be media_app, shared_app, and release_app.