Add permissions back to app / shell domains
Allow directory reads to allow tab completion in rootfs to work. "pm" is crashing due to failure to access /data/dalvik-cache. Add back in the permissions from domain_deprecated. Allow /sdcard to work again. Bug: 25954400 Change-Id: I48cfa92fabfa47ed3007a63b85284659ba94ea73
This commit is contained in:
parent
d618eb6f9c
commit
8ff6a86da5
10
app.te
10
app.te
@ -29,6 +29,16 @@ allow appdomain zygote:process sigchld;
|
||||
allow appdomain cgroup:dir { search write };
|
||||
allow appdomain cgroup:file w_file_perms;
|
||||
|
||||
# Read /data/dalvik-cache.
|
||||
allow appdomain dalvikcache_data_file:dir { search getattr };
|
||||
allow appdomain dalvikcache_data_file:file r_file_perms;
|
||||
|
||||
# Read the /sdcard symlink
|
||||
allow appdomain rootfs:lnk_file r_file_perms;
|
||||
|
||||
# Search /storage/emulated tmpfs mount.
|
||||
allow appdomain tmpfs:dir r_dir_perms;
|
||||
|
||||
userdebug_or_eng(`
|
||||
# Notify zygote of the wrapped process PID when using --invoke-with.
|
||||
allow appdomain zygote:fifo_file write;
|
||||
|
3
shell.te
3
shell.te
@ -25,6 +25,9 @@ userdebug_or_eng(`
|
||||
allow shell adbd:fd use;
|
||||
allow shell adbd:unix_stream_socket { read write ioctl getattr };
|
||||
|
||||
# Root fs.
|
||||
allow shell rootfs:dir r_dir_perms;
|
||||
|
||||
# read files in /data/anr
|
||||
allow shell anr_data_file:dir r_dir_perms;
|
||||
allow shell anr_data_file:file r_file_perms;
|
||||
|
Loading…
Reference in New Issue
Block a user