Allow apps to use mmap on fuse fds.
This is needed for the following denial: type=1400 audit(0.0:124): avc: denied { map } for comm=54696D652D6C696D69746564207465 path="/mnt/appfuse/10182_2/2" dev="fuse" ino=2 scontext=u:r:untrusted_app:s0:c182,c256,c512,c768 tcontext=u:object_r:app_fuse_file:s0 tclass=file permissive=0 Bug: 150801745 Test: atest CtsBlobStoreTestCases:com.android.cts.blob.BlobStoreManagerTest#testOpenBlob -- --abi x86 Merged-In: Ib7ca64e11b24f8835874698df15a9a0fdce67454 Change-Id: I4dc4ce91da3513a2d1f08ada401741f6d5a090c3
This commit is contained in:
parent
4e47834266
commit
975215578f
@ -317,7 +317,7 @@ allow appdomain same_process_hal_file:file { execute read open getattr map };
|
||||
allow appdomain proc_meminfo:file r_file_perms;
|
||||
|
||||
# For app fuse.
|
||||
allow appdomain app_fuse_file:file { getattr read append write };
|
||||
allow appdomain app_fuse_file:file { getattr read append write map };
|
||||
|
||||
pdx_client({ appdomain -isolated_app -ephemeral_app }, display_client)
|
||||
pdx_client({ appdomain -isolated_app -ephemeral_app }, display_manager)
|
||||
|
Loading…
Reference in New Issue
Block a user