Fix compile time / CTS gps_data_files neverallow assertion Currently, zygote spawned apps are prohibited from modifying GPS data files. If someone tries to allow GPS access to any app domain, it generates a compile time / CTS exception. Relax the rules slightly for system_app. These apps run with UID=system, and shouldn't be banned from handling gps data files. This change doesn't add or remove any SELinux rules. Rather, it just relaxes a compile time assertion, allow partners to create SELinux rules allowing the access if they desire. Bug: 18021422 Change-Id: Iad0c6a3627efe129246e2c817f6f71d2735eba93

commit: 480374e4d082238a71773f29483c5d24ad8b3f6d [log] [tgz]
author: Nick Kralevich <nnk@google.com> Thu Oct 16 15:00:19 2014 -0700
committer: Nick Kralevich <nnk@google.com> Thu Oct 16 22:31:39 2014 +0000
tree: 65200f64c8a5dae57f92fe28252e0ea1df325378
parent: 51bfecf49d50982f64aba1fa73bbbdd2e40a444f [diff]
diff --git a/app.te b/app.te
index b3082fb..b9027fe 100644
--- a/app.te
+++ b/app.te

@@ -298,7 +298,8 @@
 # Write to various other parts of /data.
 neverallow appdomain drm_data_file:dir_file_class_set
     { create write setattr relabelfrom relabelto append unlink link rename };
-neverallow appdomain gps_data_file:dir_file_class_set
+neverallow { appdomain -system_app }
+    gps_data_file:dir_file_class_set
     { create write setattr relabelfrom relabelto append unlink link rename };
 neverallow { appdomain -platform_app }
     apk_data_file:dir_file_class_set
commit	480374e4d082238a71773f29483c5d24ad8b3f6d	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Thu Oct 16 15:00:19 2014 -0700
committer	Nick Kralevich <nnk@google.com>	Thu Oct 16 22:31:39 2014 +0000
tree	65200f64c8a5dae57f92fe28252e0ea1df325378
parent	51bfecf49d50982f64aba1fa73bbbdd2e40a444f [diff]