author | Nick Kralevich <nnk@google.com> | 2016-03-21 18:15:05 -0700 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2016-03-22 10:03:41 -0700 |
commit | af3ca33f612a764301fb294513320091c23a2966 (patch) | |
tree | 4af5ae94b4c4db61a94566345db0970d54cbbe88 | |
parent | 0792d8a0f22ed444d2dc49e5bffa3c0e436c6ac5 (diff) | |
download | sepolicy-af3ca33f612a764301fb294513320091c23a2966.tar.gz |
global_macros: Allow directory locking
See https://groups.google.com/d/msg/android-ndk/BbEOA9pnR-I/HgLkGy5qAgAJ
Addresses the following denial:
avc: denied { lock } for path="/data/data/com.mypackage/files/somefilename" dev="mmcblk0p28" ino=114736 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=dir permissive=0
While I'm here, also add lock to w_file_perms.
(cherrypicked from commit 4ee494cce1670e6883fb56cea96aa6bab10a4523)
Change-Id: I2568a228099c4e112e4a8b80da3bfcf2e35eb0ea
-rw-r--r-- | global_macros | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/global_macros b/global_macros
index e840d56..0534e46 100644
--- a/global_macros
+++ b/global_macros
@@ -20,15 +20,15 @@ define(`ipc_class_set', `{ sem msgq shm ipc }')
 #
 define(`x_file_perms', `{ getattr execute execute_no_trans }')
 define(`r_file_perms', `{ getattr open read ioctl lock }')
-define(`w_file_perms', `{ open append write }')
+define(`w_file_perms', `{ open append write lock }')
 define(`rx_file_perms', `{ r_file_perms x_file_perms }')
 define(`ra_file_perms', `{ r_file_perms append }')
 define(`rw_file_perms', `{ r_file_perms w_file_perms }')
 define(`rwx_file_perms', `{ rw_file_perms x_file_perms }')
 define(`create_file_perms', `{ create rename setattr unlink rw_file_perms }')
 
-define(`r_dir_perms', `{ open getattr read search ioctl }')
-define(`w_dir_perms', `{ open search write add_name remove_name }')
+define(`r_dir_perms', `{ open getattr read search ioctl lock }')
+define(`w_dir_perms', `{ open search write add_name remove_name lock }')
 define(`ra_dir_perms', `{ r_dir_perms add_name write }')
 define(`rw_dir_perms', `{ r_dir_perms w_dir_perms }')
 define(`create_dir_perms', `{ create reparent rename rmdir setattr rw_dir_perms }')
|
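Review bot: Adding `lock` to `r_dir_perms`, `w_dir_perms` and `w_file_perms` widens every rule that expands these macros, not only the untrusted_app / app_data_file case in the quoted denial, and nothing in the file records that this is intentional. Because these are shared groupings, rules outside this file that use them change meaning too, presumably including any neverallow assertions written with the macros, so it is worth confirming that no domain relies on `lock` being withheld where only read or write on a shared directory or file was meant to be granted. I would add a comment above the groupings, for example `# lock is deliberately part of the r_/w_ file and dir sets so flock()/fcntl() locking works wherever read or write is granted`.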