Allow untrusted_app access to temporary apk files.
Before actual installation, apks are put in a staging area where they are scanned by a verifier before completing the install flow. This verifier runs as a priv-app, which is in the untrusted_app domain. Allow untrusted_app read-access to these files. Bug: 16515815 Change-Id: Ifedc12a33b1f53b62f45013e7b253dbc79b02a4e
This commit is contained in:
parent
3fe1bcbb8d
commit
fbbe9e9117
@ -95,3 +95,7 @@ neverallow untrusted_app service_manager_type:service_manager add;
|
||||
neverallow untrusted_app property_socket:sock_file write;
|
||||
neverallow untrusted_app init:unix_stream_socket connectto;
|
||||
neverallow untrusted_app property_type:property_service set;
|
||||
|
||||
# Allow verifier to access staged apks.
|
||||
allow untrusted_app { apk_tmp_file apk_private_tmp_file }:dir r_dir_perms;
|
||||
allow untrusted_app { apk_tmp_file apk_private_tmp_file }:file r_file_perms;
|
Loading…
Reference in New Issue
Block a user