From e2547c3bffbbd03d6512de145a7f563d83d6fb9e Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Wed, 3 Dec 2014 16:26:26 -0800
Subject: [PATCH] allow untrusted_app read /data/anr/traces.txt

The GMS core feedback agent runs as untrusted_app, and needs
the ability to read /data/anr/traces.txt to report ANR information.

Allow all untrusted_apps to read /data/anr/traces.txt so that GMS core
can access it.

Longer term, we need to move GMS core into it's own domain, but that's
a longer term change.

Addresses the following denial:

W/ndroid.feedback(17825): type=1400 audit(0.0:68004): avc: denied { read } for name="traces.txt" dev="mmcblk0p28" ino=325762 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:anr_data_file:s0 tclass=file

Bug: 18504118
Bug: 18340553
Change-Id: Ia9fac599befc3a3b6e5282be15ec8fd04bb23385
---
 untrusted_app.te | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/untrusted_app.te b/untrusted_app.te
index 2a8c170a2..0dd96bded 100644
--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -48,6 +48,14 @@ create_pty(untrusted_app)
 allow untrusted_app shell_data_file:file r_file_perms;
 allow untrusted_app shell_data_file:dir r_dir_perms;
 
+# b/18504118: Allow reads from /data/anr/traces.txt
+# TODO: We shouldn't be allowing all untrusted_apps to read
+# this file. This is only needed for the GMS feedback agent.
+# See also b/18340553. GMS runs as untrusted_app, and
+# it's too late to change the domain it runs in.
+# This line needs to be deleted.
+allow untrusted_app anr_data_file:file r_file_perms;
+
 #
 # Rules migrated from old app domains coalesced into untrusted_app.
 # This includes what used to be media_app, shared_app, and release_app.
-- 
GitLab