PWN-Hunter/android_system_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add dac_read_search to apexd to prevent spurious denials.

Browse Source 
As apexd now has dac_override, it should also have dac_read_search to
avoid spurious denials.

Bug: 141148175
Test: Build, run apex installation, check denials.
Change-Id: I179c05b36ae0fe62d943ca59ee7f8158507f1f10
This commit is contained in:
Oli Lan 2020-01-30 18:43:38 +00:00
parent 1a775e077b
commit 7e346c98fc
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
private/apexd.te
View File

@ -45,7 +45,7 @@ allow apexd dm_device:blk_file rw_file_perms;
# sys_admin is required to access the device-mapper and mount
# dac_override, chown, and fowner are needed for snapshot and restore
allow apexd self:global_capability_class_set { sys_admin chown dac_override fowner };
allow apexd self:global_capability_class_set { sys_admin chown dac_override dac_read_search fowner };
# Note: fsetid is deliberately not included above. fsetid checks are
# triggered by chmod on a directory or file owned by a group other