commit c9de5b531fa0b6db8f071c679e535eb086a523a6
author Ashwini Oruganti <ashfall@google.com> Tue Dec 17 15:18:53 2019 -0800
committer Ashwini Oruganti <ashfall@google.com> Wed Dec 18 22:15:08 2019 +0000
tree 2234b930397ab8681ba3988a0d2bca62d7a3d8dd
parent 4c78a608f9de64627d102f9bfa9a1b507df45a7a

gmscore_app: anr_data_file permissions

More historical context in http://b/18504118

This also adds an auditallow to the same rule for priv_app, so we can
delete it once no logs show up in go/sedenials for this rule
triggering.

Bug: 142672293
Test: TH
Change-Id: I5729b89af83090e6e31c012c8acb0f0114c87d3d

private/gmscore_app.te

diff --git a/private/gmscore_app.te b/private/gmscore_app.te
index 38238c8..daca057 100644
--- a/private/gmscore_app.te
+++ b/private/gmscore_app.te
@@ -129,3 +129,5 @@
 allow gmscore_app shell_data_file:file r_file_perms;
 allow gmscore_app shell_data_file:dir r_dir_perms;
 
+# b/18504118: Allow reads from /data/anr/traces.txt
+allow gmscore_app anr_data_file:file r_file_perms;

private/priv_app.te

diff --git a/private/priv_app.te b/private/priv_app.te
index 3263877..e180b1d 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -95,6 +95,10 @@
 
 # b/18504118: Allow reads from /data/anr/traces.txt
 allow priv_app anr_data_file:file r_file_perms;
+# b/142672293: No other priv-app should need this allow rule now that GMS core runs in its own domain.
+userdebug_or_eng(`
+  auditallow priv_app anr_data_file:file r_file_perms;
+')
 
 # For AppFuse.
 allow priv_app vold:fd use;