diff options
author | Daichi Hirono <hirono@google.com> | 2016-03-22 17:14:30 +0900 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2016-03-28 00:06:45 +0000 |
commit | 4d19f98c728373860c5628d46fe5f4d664c601d2 (patch) | |
tree | e6786e48e023a997cfc0937de8115a6f020b0cef | |
parent | 0144eedba57cc078112f95ca66d827f98ecf4a5b (diff) | |
download | sepolicy-4d19f98c728373860c5628d46fe5f4d664c601d2.tar.gz |
Add mlstrustedobject to appfuse object type.
To write bytes to appfuse file from priv_app, we need to specify
mlstrustedobject.
The CL fixes the following denial.
type=1400 audit(0.0:77): avc: denied { write } for name="10" dev="fuse" ino=10 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:app_fuse_file:s0 tclass=file permissive=0
BUG=23093747
Change-Id: I9901033bb3349d5def0bd7128db45a1169856dc1
-rw-r--r-- | file.te | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -181,7 +181,7 @@ type bluetooth_efs_file, file_type; # Type for fingerprint template file. type fingerprintd_data_file, file_type, data_file_type; # Type for appfuse file. -type app_fuse_file, file_type, data_file_type; +type app_fuse_file, file_type, data_file_type, mlstrustedobject; # Socket types type adbd_socket, file_type; |