[PATCH 1/2] read permission over lnk_file to devices when android_cts enabled

[PATCH 1/2] read permission over lnk_file to devices when android_cts enabled

[Haiqing Jiang]

---
 cts.te |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/cts.te b/cts.te
index 489be1a..3371410 100644
--- a/cts.te
+++ b/cts.te
@@ -31,6 +31,9 @@ allow appdomain system_file:file rx_file_perms;
 allow appdomain apk_tmp_file:file rw_file_perms;
 allow appdomain shell_data_file:file r_file_perms;
 
+# Read permission over link file to devices.
+allow appdomain dev_type:lnk_file read;
+
 # Read routing information.
 allow netdomain self:netlink_route_socket { create read write nlmsg_read };
 
-- 
1.7.0.4


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

[PATCH 2/2] untrusted_app reads logs when android_cts enabled

[Haiqing Jiang]

---
 app.te |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/app.te b/app.te
index b9b5a17..8b1aa53 100644
--- a/app.te
+++ b/app.te
@@ -120,6 +120,10 @@ bool app_ndk false;
 if (app_ndk or android_cts) {
 allow untrusted_app system_data_file:file { execute open };
 }
+# Read Logs
+if (android_cts) {
+allow untrusted_app log_device:chr_file read;
+}
 
 #
 # Rules for all app domains.
-- 
1.7.0.4


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.