From fc4c6b798a0c8ff38b4b943209ba1653a0276dfa Mon Sep 17 00:00:00 2001
From: Robert Craig <rpcraig@tycho.ncsc.mil>
Date: Thu, 23 Jan 2014 10:05:28 -0500
Subject: [PATCH] Allow all appdomains to grab file attributes of
 wallpaper_file.

When setting a static wallpaper on multiple devices the
following denials were encountered.
   avc:  denied  { getattr } for  pid=1775 comm="llpaper_chooser" path="/data/system/users/0/wallpaper" dev="mmcblk0p23" ino=104679 scontext=u:r:shared_app:s0 tcontext=u:object_r:wallpaper_file:s0 tclass=file
   avc:  denied  { getattr } for  pid=799 comm="ndroid.systemui" path="/data/system/users/0/wallpaper" dev="mmcblk0p23" ino=104679 scontext=u:r:platform_app:s0 tcontext=u:object_r:wallpaper_file:s0 tclass=file
   avc:  denied  { getattr } for  pid=1909 comm=4173796E635461736B202332 path="/data/system/users/0/wallpaper" dev="mmcblk0p28" ino=586422 scontext=u:r:release_app:s0 tcontext=u:object_r:wallpaper_file:s0 tclass=file

platform_app access is from the SystemUI app whereas the other
denials are from the Launcher that is used on the particular
device. For instance, Launcher2 triggers the shared_app denial
whereas release_app (used by Launcher3) triggers the other denial.
Because of this, add the rule to all appdomains.

The static wallpaper is still set without this change. Just add
the rule to avoid the noise in the logs.

Change-Id: Ida84d1695d52379d67b87318403f629fd07109a4
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
---
 app.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app.te b/app.te
index b6701693b..1aee3ac5d 100644
--- a/app.te
+++ b/app.te
@@ -69,7 +69,7 @@ allow appdomain shell_exec:file rx_file_perms;
 allow appdomain system_file:file rx_file_perms;
 
 # Read/write wallpaper file (opened by system).
-allow appdomain wallpaper_file:file { read write };
+allow appdomain wallpaper_file:file { getattr read write };
 
 # Write to /data/anr/traces.txt.
 allow appdomain anr_data_file:dir search;
-- 
GitLab