Merge "Allow adbd to pull apexes from /data/apex/active"
commit
2bac3f308d
@ -209,6 +209,10 @@ allow adbd shell:fd use;
|
||||
allow adbd vendor_apex_file:dir search;
|
||||
allow adbd vendor_apex_file:file r_file_perms;
|
||||
|
||||
# Allow adb pull of updated apex files in /data/apex/active.
|
||||
allow adbd apex_data_file:dir search;
|
||||
allow adbd staging_data_file:file r_file_perms;
|
||||
|
||||
###
|
||||
### Neverallow rules
|
||||
###
|
||||
|
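Review bot: The comment on the new allow rules names /data/apex/active, but the second rule is written against the type `staging_data_file` and nothing here explains why that type is the right one. The grant is by label, not by path, so adbd can read any `staging_data_file` file it can reach; the only limit visible in this hunk is that directory access is granted on `apex_data_file` alone. I would say so in the comment, for example `# Files in /data/apex/active keep the staging_data_file label (presumably hard links to staged files - confirm); adbd gets file read only and no staging_data_file:dir access.` No build-variant guard is visible around these rules in the hunk, so they appear to apply on every build type; worth confirming that is intended.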
@ -201,7 +201,7 @@ neverallow {
|
||||
# do not change between system_server staging the files and apexd processing
|
||||
# the files.
|
||||
neverallow { domain -init -system_server -apexd -installd -iorap_inode2filename -priv_app } staging_data_file:dir *;
|
||||
neverallow { domain -init -system_app -system_server -apexd -kernel -installd -iorap_inode2filename -priv_app } staging_data_file:file *;
|
||||
neverallow { domain -init -system_app -system_server -apexd -adbd -kernel -installd -iorap_inode2filename -priv_app } staging_data_file:file *;
|
||||
neverallow { domain -init -system_server -installd} staging_data_file:dir no_w_dir_perms;
|
||||
# apexd needs the link and unlink permissions, so list every `no_w_file_perms`
|
||||
# except for `link` and `unlink`.
|
||||
|
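Review bot: Adding `-adbd` to the `staging_data_file:file *` neverallow exempts adbd from every file permission on that type, while the allow rule added by this commit grants only `r_file_perms`. The comment above the rule says these files must not change between staging and apexd processing, so the exemption should not leave room for a later write grant to adbd. If the write-permission neverallow that begins after this hunk does not already bind adbd, add a companion rule such as `neverallow adbd staging_data_file:file no_w_file_perms;`. Either way, a comment such as `# adbd: read-only, for adb pull of active apexes` would record why the domain is listed. The neverallow block continues outside the hunk, so the list of permissions it names is not visible here.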