On Wed, 2017-06-14 at 11:24 +0800, peng fei wrote:
> In the app data file, there is a lib direction: lib -> /data/app-lib/com.android.providers.settings.
> For example, if a process has domain A_domain.
> There is a requirement that allows A_domain to open lib and create a file inside it.
>
> To implement the requirement, we need two parts of policy.
> One part is:
>     allow A_domain system_app_data_file:lnk_file { open read getattr };
> The other part is:
>     allow A_domain system_data_file:file create_file_perms;
>     allow A_domain system_data_file:dir { write add_name };
>
> Requirement: I want to open the link and create a file inside it.
> Policy: I should have an allow rule to open and read the link.
> And I should also have allow rules to open and write the dir which the link points to.
> Two parts of policy are needed to implement the requirement.
> Is that right?
>
> I am looking forward to your answer. Thanks in advance.

I doubt you want to have your process opening these directories through
the symlink in the app data directory (consider what happens if the app
replaces the symlink with one pointing somewhere else).  Why not just
directly access /data/app-lib/<pkgname>?  And why would anything need
to be created there after package installation?
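
The concern raised in the reply, shown as an added example that is not part of the original thread: a process that follows an app-controlled `lib` symlink ends up wherever the app points it, while opening the real directory with `O_NOFOLLOW` refuses the link. The scratch paths under `/tmp` and the helper names `open_dir_nofollow`, `same_dir` and `demo` are assumptions made for this illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open a directory by its real path; refuses a symlink as last component
 * (errno is ELOOP or ENOTDIR depending on kernel version). */
int open_dir_nofollow(const char *path)
{
    return open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
}

/* 1 if both fds refer to the same directory inode, else 0. */
static int same_dir(int a, int b)
{
    struct stat sa, sb;
    if (a < 0 || b < 0 || fstat(a, &sa) || fstat(b, &sb)) return 0;
    return sa.st_dev == sb.st_dev && sa.st_ino == sb.st_ino;
}

/* Constructed scratch layout standing in for the thread's paths:
 * <tmp>/app-lib real library dir, <tmp>/other another dir, <tmp>/lib the
 * app-controlled symlink. Returns 0 when following the link tracks the
 * app's retargeting while the no-follow open refuses the link. */
int demo(void)
{
    char root[] = "/tmp/liblinkXXXXXX", real[64], other[64], lnk[64];
    if (!mkdtemp(root)) return -1;
    snprintf(real, sizeof real, "%s/app-lib", root);
    snprintf(other, sizeof other, "%s/other", root);
    snprintf(lnk, sizeof lnk, "%s/lib", root);
    if (mkdir(real, 0700) || mkdir(other, 0700) || symlink(real, lnk)) return -1;
    int direct = open_dir_nofollow(real);              /* real path: succeeds */
    int before = open(lnk, O_RDONLY | O_DIRECTORY);    /* follows to app-lib */
    if (unlink(lnk) || symlink(other, lnk)) return -1; /* app retargets link */
    int after = open(lnk, O_RDONLY | O_DIRECTORY);     /* now lands in other */
    int refused = open_dir_nofollow(lnk);              /* -1: link rejected */
    int ok = same_dir(direct, before) && !same_dir(direct, after)
             && after >= 0 && refused < 0;
    close(direct); close(before); close(after);
    unlink(lnk); rmdir(other); rmdir(real); rmdir(root);
    return ok ? 0 : 1;
}

int main(void) { printf("demo: %d\n", demo()); return 0; }
```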
