Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 476c207840227aba998878179c7869a2c5ef5a7e^! / .
commit476c207840227aba998878179c7869a2c5ef5a7e[log] [tgz]
authorStephen Smalley <sds@tycho.nsa.gov>Tue Sep 30 11:12:55 2014 -0400
committerStephen Smalley <sds@tycho.nsa.gov>Tue Sep 30 11:12:55 2014 -0400
treea99bf1c7ff5e2a318df72dac692d99137144171f
parent8a0c25efb0553576afadc157b86b65eedf2ef917 [diff]
Mark asec_apk_file as mlstrustedobject.

Resolves denials such as:
avc:  denied  { write } for  pid=1546 comm="Binder_1" name="/" dev="dm-0" ino=2 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:asec_apk_file:s0 tclass=dir

This is required to install a forward-locked app.

Change-Id: I2b37a56d087bff7baf82c738896d9563f0ab4fc4
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

diff --git a/file.te b/file.te
index 39b3d07..cc11677 100644
--- a/file.te
+++ b/file.te

@@ -111,7 +111,7 @@
 # Type for wallpaper file.
 type wallpaper_file, file_type, mlstrustedobject;
 # /mnt/asec
-type asec_apk_file, file_type, data_file_type;
+type asec_apk_file, file_type, data_file_type, mlstrustedobject;
 # Elements of asec files (/mnt/asec) that are world readable
 type asec_public_file, file_type, data_file_type;
 # /data/app-asec