Merge "Change security policy so all apps can read /dev/xt_qtaguid."
commit
c57dbccb50
9
app.te
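--- a/app.te
+++ b/app.te
@@ -24,8 +24,6 @@ allow platform_app shell_data_file:file { open getattr read };
 allow platform_app shell_data_file:lnk_file read;
 # Populate /data/app/vmdl*.tmp file created by system server.
 allow platform_app apk_tmp_file:file rw_file_perms;
-# Read /dev/xt_qtaguid
-allow platform_app qtaguid_device:chr_file r_file_perms;
 # ASEC
 allow platform_app asec_apk_file:dir create_dir_perms;
 allow platform_app asec_apk_file:file create_file_perms;
@@ -43,8 +41,6 @@ allow media_app mtp_device:chr_file rw_file_perms;
 # Write to /cache.
 allow media_app cache_file:dir rw_dir_perms;
 allow media_app cache_file:file create_file_perms;
-# Read /dev/xt_qtaguid
-allow media_app qtaguid_device:chr_file r_file_perms;
 
 # Apps signed with the shared key.
 type shared_app, domain;
@@ -69,8 +65,6 @@ net_domain(release_app)
 bluetooth_domain(release_app)
 # Read logs.
 allow release_app log_device:chr_file read;
-# Read /dev/xt_qtaguid
-allow release_app qtaguid_device:chr_file r_file_perms;
 
 # Services with isolatedProcess=true in their manifest.
 # In order for isolated_apps to interact with apps that have levelFromUid=true
@@ -185,6 +179,9 @@ allow appdomain anr_data_file:file { open append };
 
 # Write to /proc/net/xt_qtaguid/ctrl file.
 allow appdomain qtaguid_proc:file rw_file_perms;
+# Everybody can read the xt_qtaguid resource tracking misc dev.
+# So allow all apps to read from /dev/xt_qtaguid.
+allow appdomain qtaguid_device:chr_file r_file_perms;
 
 # Use the Binder.
 binder_use(appdomain)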
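Review bot: The added `allow appdomain qtaguid_device:chr_file r_file_perms;` in the last hunk widens read access on /dev/xt_qtaguid from the three domains whose rules are removed (platform_app, media_app, release_app) to every domain that carries the appdomain attribute. The third hunk's context shows that this file also defines a domain for isolatedProcess services. Its declaration is outside the visible hunks, but if it is part of appdomain, the most tightly sandboxed processes gain a device node they could not open before. If those services do not need it, the rule can stay attribute-wide while excluding them, e.g. `allow { appdomain -isolated_app } qtaguid_device:chr_file r_file_perms;`. If the access is intended for all of them, the new comment should name which caller opens the device on an app's behalf, rather than only stating "Everybody can read".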