sepolicy: allow system apps to access ASEC

Required for Settings to show name/icon of apps on sd card (permission copied from untrusted_app) Also removed duplicate permission (from domain) in untrusted_app (cherry picked from commit c06ed8f) Bug: 18730865 Change-Id: I725d088d1d4a1256e3bfe49bc32796a54889f925
mozilla-b2g · Dec 12, 2014 · 9d94204 · 9d94204
1 parent 6e12daf
commit 9d94204
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 1 deletion.
diff --git a/system_app.te b/system_app.te
@@ -45,6 +45,9 @@ allow system_app logd_prop:property_service set;
 allow system_app anr_data_file:dir ra_dir_perms;
 allow system_app anr_data_file:file create_file_perms;
 
+# Settings need to access app name and icon from asec
+allow system_app asec_apk_file:file r_file_perms;
+
 allow system_app system_app_service:service_manager add;
 
 allow system_app keystore:keystore_key {

diff --git a/untrusted_app.te b/untrusted_app.te
@@ -32,7 +32,6 @@ allow untrusted_app app_data_file:file { rx_file_perms execmod };
 allow untrusted_app tun_device:chr_file rw_file_perms;
 
 # ASEC
-allow untrusted_app asec_apk_file:dir { getattr };
 allow untrusted_app asec_apk_file:file r_file_perms;
 # Execute libs in asec containers.
 allow untrusted_app asec_public_file:file { execute execmod };