Switch to r_file_perms

The current rule is missing mmap. r_file_perm implicitly adds mmap, so we should just use that instead. Test: policy compiles. Change-Id: I4051d1eb4c36a2b6ff2b5f26ce53355287cbe2b4
2018-10-26 13:11:52 -07:00 · 2018-10-26 13:11:52 -07:00 · 0bfa7b5385
commit 0bfa7b5385
parent 3eae9de2e8
1 changed files with 1 additions and 1 deletions
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te
@ -108,7 +108,7 @@ allow untrusted_app_all preloads_data_file:dir search;
 # TODO (b/37784178) Consider creating  a special type for /vendor/app installed
 # apps.
 allow untrusted_app_all vendor_app_file:dir { open getattr read search };
-allow untrusted_app_all vendor_app_file:file { open getattr read execute };
+allow untrusted_app_all vendor_app_file:file { r_file_perms execute };
 allow untrusted_app_all vendor_app_file:lnk_file { open getattr read };

 # Write app-specific trace data to the Perfetto traced damon. This requires