author | Nick Kralevich <nnk@google.com> | 2014-07-16 09:38:06 -0700 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2014-07-16 09:41:51 -0700 |
commit | 5259c5e61625c4bd45b96c1712977dc2cde9e555 (patch) | |
tree | 4a7b4a28d2367728243207f6f6163103794c15a1 | |
parent | db416305ea18e15e2b917a2870fcd526ab4e615c (diff) | |
download | sepolicy-5259c5e61625c4bd45b96c1712977dc2cde9e555.tar.gz |
dex2oat: fix forward locked apps

dex2oat can't access file descriptors associated with asec_apk_files.
This breaks installing forward locked apps, and generates the following
denial:

  type=1400 audit(0.0:18): avc: denied { read } for path="/mnt/asec/com.example.android.simplejni-1/pkg.apk" dev="dm-0" ino=12 scontext=u:r:dex2oat:s0 tcontext=u:object_r:asec_apk_file:s0 tclass=file

Steps to reproduce:

  $ adb install -r -l SimpleJNI.apk

Expected:

  app installs

Actual:

  app fails to install.

Change-Id: I5a468508014e9963460d13d78e1c4867187322b3
Bug: 16328233

-rw-r--r-- | dex2oat.te | 3 |
1 files changed, 3 insertions, 0 deletions
@@ -4,3 +4,6 @@ type dex2oat_exec, exec_type, file_type; allow dex2oat dalvikcache_data_file:file write; allow dex2oat installd:fd use; + +# Read already open asec_apk_file file descriptors passed by installd. +allow dex2oat asec_apk_file:file read; |
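Review bot: The added `allow dex2oat asec_apk_file:file read;` line covers exactly the one `{ read }` denial quoted in the commit message, but the message does not say the reproduction (`adb install -r -l SimpleJNI.apk`) was re-run with the rule in place. In enforcing mode a denied operation usually stops the caller, so a later access on the same descriptor, such as `getattr`, would only show up after `read` is allowed; please confirm the install completes with no further `asec_apk_file` denials for `scontext=u:r:dex2oat:s0`. Leaving `open` out is the right scope and matches both the new comment and the existing `allow dex2oat installd:fd use;` line, so dex2oat can only touch descriptors installd hands it. It would help to say that in the comment itself, for example "open is intentionally not granted", so a later change does not widen the rule by reflex.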