commit 91d398d802b4fbd33c2b88da9f56ecee8bdc363c
author Dan Cashman <dcashman@google.com> Tue Sep 26 12:58:29 2017 -0700
committer Dan Cashman <dcashman@google.com> Tue Sep 26 14:38:47 2017 -0700
tree ae80a698d8f48b79a749eb9d0b1668402614c1d0
parent 6922dfe3661ca7c4043f6ef9c6c61fdb9c7fa89a

Sync internal master and AOSP sepolicy.

Bug: 37916906
Test: Builds 'n' boots.
Change-Id: Ia1d86264446ebecc1ca79f32f11354921bc77668
Merged-In: I208ec6a864127a059fb389417a9c6b259d7474cb

private/untrusted_app_all.te

diff --git a/private/untrusted_app_all.te b/private/untrusted_app_all.te
index fc80129..cce589e 100644
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te
@@ -41,6 +41,9 @@
 allow untrusted_app_all shell_data_file:file r_file_perms;
 allow untrusted_app_all shell_data_file:dir r_dir_perms;
 
+# Allow to read staged apks.
+allow untrusted_app_all { apk_tmp_file apk_private_tmp_file }:file {read getattr};
+
 # Read and write system app data files passed over Binder.
 # Motivating case was /data/data/com.android.settings/cache/*.jpg for
 # cropping or taking user photos.
@@ -70,7 +73,6 @@
 allow untrusted_app_all mediacodec_service:service_manager find;
 allow untrusted_app_all mediametrics_service:service_manager find;
 allow untrusted_app_all mediadrmserver_service:service_manager find;
-allow untrusted_app_all mediacasserver_service:service_manager find;
 allow untrusted_app_all nfc_service:service_manager find;
 allow untrusted_app_all radio_service:service_manager find;
 allow untrusted_app_all surfaceflinger_service:service_manager find;