Split preloads into media_file and data_file Untrusted apps should only access /data/preloads/media and demo directory. Bug: 36197686 Test: Verified retail mode. Checked non-privileged APK cannot access /data/preloads Change-Id: I8e9c21ff6aba799aa31bf06893cdf60dafc04446

commit: b238fe666212ce86fe3fe1521e9692a361a53047 [log] [tgz]
author: Fyodor Kupolov <fkupolov@google.com> Tue Mar 14 11:42:03 2017 -0700
committer: Fyodor Kupolov <fkupolov@google.com> Wed Mar 15 00:49:37 2017 +0000
tree: 01eff8e974e399a8ab9812f383bf98bc4b4fbfd7
parent: 41518bec2508c85eb8797980321d3912b4598261 [diff] [blame]
diff --git a/private/system_server.te b/private/system_server.te
index d78c576..f25e8ce 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -599,6 +599,8 @@
 # Access to /data/preloads
 allow system_server preloads_data_file:file { r_file_perms unlink };
 allow system_server preloads_data_file:dir { r_dir_perms write remove_name rmdir };
+allow system_server preloads_media_file:file { r_file_perms unlink };
+allow system_server preloads_media_file:dir { r_dir_perms write remove_name rmdir };
 
 r_dir_file(system_server, cgroup)
 allow system_server ion_device:chr_file r_file_perms;
commit	b238fe666212ce86fe3fe1521e9692a361a53047	[log] [tgz]
author	Fyodor Kupolov <fkupolov@google.com>	Tue Mar 14 11:42:03 2017 -0700
committer	Fyodor Kupolov <fkupolov@google.com>	Wed Mar 15 00:49:37 2017 +0000
tree	01eff8e974e399a8ab9812f383bf98bc4b4fbfd7
parent	41518bec2508c85eb8797980321d3912b4598261 [diff] [blame]