In the app data file, there is lib direction: lib ->
/data/app-lib/com.android.providers.settings.
For example, suppose a process has domain A_domain.
There is a requirement to allow A_domain to open lib and create a file inside
it.
To implement the requirement, we need two parts of policy.
One part is:
    allow A_domain system_app_data_file:lnk_file { open read getattr };
The other part is:
    allow A_domain system_data_file:file create_file_perms;
    allow A_domain system_data_file:dir { write add_name };
Requirement: I want to open the link and create a file inside it.
Policy: I should have an allow rule to open and read the link.
        And I should also have allow rules to open and write the dir
        which the link points to.
A two-part policy is needed to implement the requirement.
Is that right?
I am looking forward to your answer. Thanks in advance.