Add the ability to write shell files to the untrusted_app domain.

Bug: 10290009 Change-Id: Ic794299261672b36a2b630893b65ab176c3eee6b (cherry picked from commit eaa4e844e4c8549c9b4808a1272876a6995ca5a7)
2013-08-16 15:51:21 -07:00 · 2013-08-16 15:51:21 -07:00 · 29d0d40668
commit 29d0d40668
parent ab7dfabb61
1 changed files with 4 additions and 1 deletions
--- a/untrusted_app.te
+++ b/untrusted_app.te
@ -44,5 +44,8 @@ allow untrusted_app devpts:chr_file rw_file_perms;
 # running "adb install foo.apk".
 # TODO: Long term, we don't want apps probing into shell data files.
 # Figure out a way to remove these rules.
-allow untrusted_app shell_data_file:file r_file_perms;
+# XXX Adding writing to shell_data_file to fix 10290009; this needs a real fix,
+# as allowing apps to write shell data files is a significant possible security
+# vuln
+allow untrusted_app shell_data_file:file rw_file_perms;
 allow untrusted_app shell_data_file:dir r_dir_perms;