On 06/23/2016 12:58 AM, Inamdar Sharif wrote:
> Hi,
>
>
>
> I saw in AOSP that we have removed the below access:
>
> allow domain system_data_file:file { getattr read };
>
>
>
> The same rule is present in domain_deprecated.
>
> allow domain_deprecated system_data_file:file { getattr read };
>
>
>
> We should consider moving this rule back to domain.te back as this
> required for file access.
The question is whether it is truly required for all domains. If not,
then it is better to add it back only for those domains which truly
require it. Also, you should consider whether the files in question
should stay in system_data_file or get a more specific type.
_______________________________________________
Seandroid-list mailing list
[email protected]
To unsubscribe, send email to [email protected].
To get help, send an email containing "help" to
[email protected].
