Allow app-app communication via pipes
Allow apps to communicate with each other via pipes.
In particular, this fixes a bug where printing from Chrome wasn't
working.
STEPS TO REPRODUCE:
1. Launch Chrome
2. From menu tap print and observe
OR
1. Launch Drive, Select any file (*.txt, *.doc, *.pdf, ...)
2. Select print
Addresses the following denials:
<5>[ 122.352797] type=1400 audit(1386363998.374:18): avc: denied { write } for pid=3786 comm=4173796E635461736B202332 path="pipe:[19164]" dev="pipefs" ino=19164 scontext=u:r:untrusted_app:s0 tcontext=u:r:release_app:s0 tclass=fifo_file
<5>[ 123.248363] type=1400 audit(1386363999.264:19): avc: denied { getattr } for pid=2677 comm=".android.chrome" path="pipe:[19164]" dev="pipefs" ino=19164 scontext=u:r:untrusted_app:s0 tcontext=u:r:release_app:s0 tclass=fifo_file
<5>[ 123.248620] type=1400 audit(1386363999.264:20): avc: denied { write } for pid=3308 comm="ChildProcessMai" path="pipe:[19164]" dev="pipefs" ino=19164 scontext=u:r:isolated_app:s0 tcontext=u:r:release_app:s0 tclass=fifo_file
Bug: 12032455
Change-Id: Ic1cb5c1d42596f5a8fc3fe82fcbfe47aa43a7d6c
diff --git a/app.te b/app.te
index 6e95ffb..cf918a1 100644
--- a/app.te
+++ b/app.te
@@ -24,6 +24,9 @@
allow appdomain system_server:unix_stream_socket { read write setopt };
binder_call(appdomain, system_server)
+# Communication with other apps via fifos
+allow appdomain appdomain:fifo_file rw_file_perms;
+
# Communicate with surfaceflinger.
allow appdomain surfaceflinger:unix_stream_socket { read write setopt };
binder_call(appdomain, surfaceflinger)
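Review bot: The added rule `allow appdomain appdomain:fifo_file rw_file_perms;` is wider than the three denials in the commit message justify, in both domain pairs and permissions. The denials show only untrusted_app and isolated_app as source, release_app as target, and only the write and getattr permissions on a pipefs fifo_file, while the rule grants the full rw_file_perms macro between every pair of app domains, isolated_app included. Consider listing just the permissions needed on an already-open pipe, for example `allow appdomain appdomain:fifo_file { read write getattr };`, and extend the comment above the rule to say that these are anonymous pipes handed over by the peer app (as in the printing case) so a later reader knows why app-to-app fifo access is intended. If isolated_app is meant to be covered, say so explicitly in the comment, since it is the most restricted of the domains named in the denials.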