diff options
author | Nick Kralevich <nnk@google.com> | 2014-11-07 16:21:42 -0800 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2014-11-10 11:33:45 -0800 |
commit | b793492288b8272aeda12e1b139c060397e7cd7e (patch) | |
tree | f582d73a99d67e263d08e13aa1bae98b691cbdfc | |
parent | 7cd346a70eecf45363e3368ba99b728832b9a902 (diff) | |
download | sepolicy-b793492288b8272aeda12e1b139c060397e7cd7e.tar.gz |
allow run-as to access /data/local/tmp
Otherwise denials like the following occur:
avc: denied { write } for path="/data/local/tmp/foo" dev="dm-0" ino=325769 scontext=u:r:runas:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file
avc: denied { read } for path="/data/local/tmp/foo" dev="dm-0" ino=325769 scontext=u:r:runas:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file
Steps to reproduce:
$ run-as com.google.android.talk id > /data/local/tmp/id.out
$ run-as com.google.android.talk cat < /data/local/tmp/id.out
(cherry picked from commit dd8571aa24b40add3ae78063228e61c3d1682020)
Change-Id: I80bb26e06d932229c286f0389f28ad6868d79100
-rw-r--r-- | runas.te | 1 |
1 files changed, 1 insertions, 0 deletions
@@ -7,6 +7,7 @@ allow runas adbd:process sigchld; allow runas shell:fd use; allow runas shell:fifo_file { read write }; allow runas devpts:chr_file { read write ioctl }; +allow runas shell_data_file:file { read write }; # run-as reads package information. allow runas system_data_file:file r_file_perms; |