7bb2a55c47
/data/security is another location that policy files can reside. In fact, these policy files take precedence over their rootfs counterparts under certain circumstances. Give the appropriate players the rights to read these policy files. Change-Id: I9951c808ca97c2e35a9adb717ce5cb98cda24c41
27 lines
1.1 KiB
Plaintext
27 lines
1.1 KiB
Plaintext
# installer daemon
|
|
type installd, domain;
|
|
type installd_exec, exec_type, file_type;
|
|
|
|
init_daemon_domain(installd)
|
|
typeattribute installd mlstrustedsubject;
|
|
allow installd self:capability { chown dac_override fowner fsetid setgid setuid };
|
|
allow installd system_data_file:file create_file_perms;
|
|
allow installd system_data_file:lnk_file create;
|
|
allow installd dalvikcache_data_file:file create_file_perms;
|
|
allow installd data_file_type:dir create_dir_perms;
|
|
allow installd data_file_type:dir { relabelfrom relabelto };
|
|
allow installd data_file_type:{ file lnk_file } { getattr unlink };
|
|
allow installd apk_data_file:file r_file_perms;
|
|
allow installd apk_tmp_file:file r_file_perms;
|
|
allow installd system_file:file x_file_perms;
|
|
allow installd cgroup:dir create_dir_perms;
|
|
dontaudit installd self:capability sys_admin;
|
|
# Check validity of SELinux context before use.
|
|
selinux_check_context(installd)
|
|
# Read /seapp_contexts and /data/security/seapp_contexts
|
|
security_access_policy(installd)
|
|
# ASEC
|
|
allow installd platform_app_data_file:lnk_file { create setattr };
|
|
allow installd app_data_file:lnk_file { create setattr };
|
|
allow installd asec_apk_file:file r_file_perms;
|