Skip to content
Snippets Groups Projects
Commit e98cda25 authored by Jeff Sharkey's avatar Jeff Sharkey
Browse files

Grant apps write access to returned vfat FDs. 

Users can pick files from vfat devices through the Storage Access
Framework, which are returned through ParcelFileDescriptors.  Grant
apps write access to those files.  (Direct access to the files on
disk is still controlled through normal filesystem permissions.)

avc: denied { write } for pid=3235 comm="Binder_1" path=2F6D6E742F6D656469615F72772F373243322D303446392F6D656F772F6D79206469722F706963322E706E67 dev="sdb1" ino=87 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:vfat:s0 tclass=file

Bug: 19993667
Change-Id: I24b4d8826f0a35825b2abc63d1cfe851e1c1bfe9
parent c9036fb1
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 2 additions and 1 deletion
app.te
+ 2
1
View file @ e98cda25
...@@ -147,8 +147,9 @@ allow appdomain fuse:dir create_dir_perms; ...@@ -147,8 +147,9 @@ allow appdomain fuse:dir create_dir_perms;
allow appdomain fuse:file create_file_perms; allow appdomain fuse:file create_file_perms;
# Access OBBs (vfat images) mounted by vold (b/17633509) # Access OBBs (vfat images) mounted by vold (b/17633509)
# File write access allowed for FDs returned through Storage Access Framework
allow appdomain vfat:dir r_dir_perms; allow appdomain vfat:dir r_dir_perms;
allow appdomain vfat:file r_file_perms; allow appdomain vfat:file rw_file_perms;
# Allow apps to use the USB Accessory interface. # Allow apps to use the USB Accessory interface.
# http://developer.android.com/guide/topics/connectivity/usb/accessory.html # http://developer.android.com/guide/topics/connectivity/usb/accessory.html
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment