headers
Haiqing Jiang | 30 Jul 2012 20:24
Picon

[PATCH 1/2] read permission over lnk_file to devices when android_cts enabled

---
 cts.te |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/cts.te b/cts.te
index 489be1a..3371410 100644
--- a/cts.te
+++ b/cts.te
 <at>  <at>  -31,6 +31,9  <at>  <at>  allow appdomain system_file:file rx_file_perms;
 allow appdomain apk_tmp_file:file rw_file_perms;
 allow appdomain shell_data_file:file r_file_perms;

+# Read permission over link file to devices.
+allow appdomain dev_type:lnk_file read;
+
 # Read routing information.
 allow netdomain self:netlink_route_socket { create read write nlmsg_read };

--

-- 
1.7.0.4
Permalink | Reply |
headers
Haiqing Jiang | 30 Jul 2012 20:24
Picon

[PATCH 2/2] untrusted_app reads logs when android_cts enabled

---
 app.te |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/app.te b/app.te
index b9b5a17..8b1aa53 100644
--- a/app.te
+++ b/app.te
 <at>  <at>  -120,6 +120,10  <at>  <at>  bool app_ndk false;
 if (app_ndk or android_cts) {
 allow untrusted_app system_data_file:file { execute open };
 }
+# Read Logs
+if (android_cts) {
+allow untrusted_app log_device:chr_file read;
+}

 #
 # Rules for all app domains.
--

-- 
1.7.0.4
Permalink | Reply |

Gmane