Allow untrusted_app access to temporary apk files.

Before actual installation, apks are put in a staging area where they are scanned by a verifier before completing the install flow. This verifier runs as a priv-app, which is in the untrusted_app domain. Allow untrusted_app read-access to these files. Bug: 16515815 Change-Id: Ifedc12a33b1f53b62f45013e7b253dbc79b02a4e

Allow untrusted_app access to temporary apk files.
fbbe9e91 · dcashman · 3fe1bcbb · fbbe9e91
Commit fbbe9e91 authored 10 years ago by dcashman
--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -95,3 +95,7 @@ neverallow untrusted_app service_manager_type:service_manager add;
 neverallow untrusted_app property_socket:sock_file write;
 neverallow untrusted_app init:unix_stream_socket connectto;
 neverallow untrusted_app property_type:property_service set;
+
+# Allow verifier to access staged apks.
+allow untrusted_app { apk_tmp_file apk_private_tmp_file }:dir r_dir_perms;
+allow untrusted_app { apk_tmp_file apk_private_tmp_file }:file r_file_perms;
\ No newline at end of file