Allow system_server to read apex_data_file.
For consistency with APKs, signature verification is performed in the system_server. This includes checking that the signature of an updated install matches the signature of the active package that it updates. For this, it requires search access to /data/apex and read access to the files under that directory. Test: m Change-Id: Ia073adb8892886e4767fa5529e95c110b9cbff1b
parent
4d399f606f
commit
9f343b32be
@ -68,5 +68,5 @@ allow apexd sysfs_loop:file rw_file_perms;
|
||||
dontaudit apexd self:global_capability_class_set { dac_override dac_read_search };
|
||||
|
||||
neverallow { domain -apexd -init } apex_data_file:dir no_w_dir_perms;
|
||||
neverallow { domain -apexd -init -kernel } apex_data_file:file no_rw_file_perms;
|
||||
neverallow { domain -apexd -init -kernel } apex_data_file:file no_w_file_perms;
|
||||
neverallow { domain -apexd } apex_mnt_dir:lnk_file no_w_file_perms;
|
||||
|
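Review bot: Relaxing the file neverallow from `no_rw_file_perms` to `no_w_file_perms` drops the policy-level guarantee that only apexd, init and kernel can read /data/apex contents, so any future `allow … apex_data_file:file r_file_perms` in any domain will pass `m` without a neverallow failure; the page shows both forms at L19 and L22, and which one is the new side is inferred from the commit description rather than a visible marker. A tighter way to grant system_server the access the description asks for is to keep the read restriction and exempt only the intended reader: `neverallow { domain -apexd -init -kernel -system_server } apex_data_file:file no_rw_file_perms;`, alongside the unchanged `no_w_file_perms` rule for everyone but apexd/init/kernel. The dir rule at L16 is unaffected by this commit since `search` is not a write permission, which is consistent with the new `dir search` grant in system_server.te.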
@ -963,6 +963,13 @@ allow system_server system_server_startup:unix_dgram_socket write;
|
||||
allow system_server apex_service:service_manager find;
|
||||
allow system_server apexd:binder call;
|
||||
|
||||
# Allow the system server to read files under /data/apex. The system_server
|
||||
# needs these privileges to compare file signatures while processing installs.
|
||||
#
|
||||
# Only apexd is allowed to create new entries or write to any file under /data/apex.
|
||||
allow system_server apex_data_file:dir search;
|
||||
allow system_server apex_data_file:file r_file_perms;
|
||||
|
||||
# dexoptanalyzer is currently used only for secondary dex files which
|
||||
# system_server should never access.
|
||||
neverallow system_server dexoptanalyzer_exec:file no_x_file_perms;
|
||||
|
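Review bot: The new comment "Only apexd is allowed to create new entries or write to any file under /data/apex" overstates what the policy enforces: the neverallows in apexd.te shown in this same commit exempt init from dir and file writes and kernel from file writes, so a reader relying on this comment gets a wrong picture of who can modify the directory. Suggested wording: `# Only apexd (plus init, and kernel for file writes — see the neverallows in apexd.te) may create entries or write to files under /data/apex.` Separately, `r_file_perms` grants ioctl and lock in addition to getattr/open/read/map; if comparing signatures only needs to open, stat and read or map the files, consider narrowing the grant to `{ getattr open read map }` so the new access is as small as the description requires.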