Don't open appfuse files in apps.
Previously we published appfuse mount points to apps and apps open appfuse file by themselves. We changed the design and we don't allow apps to access appfuse mount point. Instead system server opens a file on appfuse mount points and passes FD to apps. The change updates apps and system server policies to adopt new design. Bug: 29970149 Test: None Change-Id: I0b35fee9816f61565705eecb88a472754ccffdca
This commit is contained in:
parent
828433c892
commit
7ae1d23745
@ -252,8 +252,7 @@ allow { appdomain -isolated_app } hal_graphics_allocator:fd use;
|
||||
allow appdomain proc_meminfo:file r_file_perms;
|
||||
|
||||
# For app fuse.
|
||||
allow appdomain app_fuse_file:dir rw_dir_perms;
|
||||
allow appdomain app_fuse_file:file rw_file_perms;
|
||||
allow appdomain app_fuse_file:file { getattr read append write };
|
||||
|
||||
###
|
||||
### CTS-specific rules
|
||||
|
@ -559,6 +559,8 @@ userdebug_or_eng(`
|
||||
# For AppFuse.
|
||||
allow system_server vold:fd use;
|
||||
allow system_server fuse_device:chr_file { read write ioctl getattr };
|
||||
allow system_server app_fuse_file:dir rw_dir_perms;
|
||||
allow system_server app_fuse_file:file { read write open getattr append };
|
||||
|
||||
# For configuring sdcardfs
|
||||
allow system_server configfs:dir { create_dir_perms };
|
||||
|
Loading…
Reference in New Issue
Block a user