070f562533
We do a bit more work checks in the runtime for the profiles and call
stat on the files to see if they exists and their are not empty.
SElinux error
[ 297.842210] type=1400 audit(1459106986.097:7): avc: denied { getattr
} for pid=4504 comm="profman"
path="/data/misc/profiles/cur/0/com.google.android.youtube/primary.prof"
dev="dm-1" ino=636936 scontext=u:r:profman:s0
tcontext=u:object_r:user_profile_data_file:s0:c512,c768 tclass=file
permissive=0
Bug: 27860201
Change-Id: Ic97882e6057a4b5c3a16089b9b99b64bc1a3cd98
10 lines
238 B
Plaintext
10 lines
238 B
Plaintext
# profman
|
|
type profman, domain;
|
|
type profman_exec, exec_type, file_type;
|
|
|
|
allow profman user_profile_data_file:file { getattr read write lock };
|
|
|
|
allow profman installd:fd use;
|
|
|
|
neverallow profman app_data_file:notdevfile_class_set open;
|