On Jan 19, 2016 2:06 AM, "Inamdar Sharif" <[email protected]> wrote:
>
> I think we can make it generic in the AOSP policy itself.

Why would we do this? Nothing is broken on AOSP. What evidence can you present that this is needed?

> From: William Roberts [mailto:[email protected]]
> Sent: Monday, January 18, 2016 10:34 PM
> To: Inamdar Sharif
> Cc: [email protected]
> Subject: Re: system_app to access media_rw_data_file
>
> On Jan 18, 2016 8:58 AM, "Inamdar Sharif" <[email protected]> wrote:
> >
> > Hi Guys,
> >
> > While going through the policies, I came across media_rw_data_file
> >
> > Looking into the policies it seems that platform_app and untrusted_app have the following permissions.
> >
> > allow platform_app media_rw_data_file:dir create_dir_perms;
> > allow platform_app media_rw_data_file:file create_file_perms;
> >
> > allow untrusted_app media_rw_data_file:dir create_dir_perms;
> > allow untrusted_app media_rw_data_file:file create_file_perms;
> >
> > But for system_app we don't have such policies. If untrusted_app can access then system_app is much safer.
>
> It's about least permission, which does not always correlate with safe. Apparently no system apps have needed permissions there so they were not allowed to do such.
>
> > I am not sure why we have not allowed it for system apps. Is there any specific reason??
>
> They don't need it currently on any Nexus device. However, OEMs may have system apps that access this location, and thus their device policy takes care of it, assuming no neverallows are in place.
>
> > Thanks.
> >
> > _______________________________________________
> > Seandroid-list mailing list
> > [email protected]
> > To unsubscribe, send email to [email protected].
> > To get help, send an email containing "help" to [email protected].
