Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 48b18832c476f0bd8fcb8ee3e308258392f36aaf^! / . / file_contexts
commit48b18832c476f0bd8fcb8ee3e308258392f36aaf[log] [tgz]
authorRobert Craig <rpcraig@tycho.ncsc.mil>Tue Feb 04 11:36:41 2014 -0500
committerNick Kralevich <nnk@google.com>Tue Feb 11 17:08:10 2014 +0000
tree6e0be59d71a71598b0b6c05df1e8e84c5d2bbfc2
parente21871c8b7250f5dfc746298ab170a869e6be94d [diff] [blame]
Introduce asec_public_file type.

This new type will allow us to write finer-grained
policy concerning asec containers. Some files of
these containers need to be world readable.

Change-Id: Iefee74214d664acd262edecbb4f981d633ff96ce
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>

diff --git a/file_contexts b/file_contexts
index 35dee30..1763a7b 100644
--- a/file_contexts
+++ b/file_contexts

@@ -224,5 +224,7 @@
 /sys/kernel/uevent_helper --	u:object_r:usermodehelper:s0
 #############################
 # asec containers
-/mnt/asec(/.*)?         u:object_r:asec_apk_file:s0
-/data/app-asec(/.*)?    u:object_r:asec_image_file:s0
+/mnt/asec(/.*)?           u:object_r:asec_apk_file:s0
+/mnt/asec/[^/]+/res.zip   u:object_r:asec_public_file:s0
+/mnt/asec/[^/]+/lib(/.*)? u:object_r:asec_public_file:s0
+/data/app-asec(/.*)?      u:object_r:asec_image_file:s0