Introduce asec_public_file type. This new type will allow us to write finer-grained policy concerning asec containers. Some files of these containers need to be world readable. Change-Id: Iefee74214d664acd262edecbb4f981d633ff96ce Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>

commit: 48b18832c476f0bd8fcb8ee3e308258392f36aaf [log] [tgz]
author: Robert Craig <rpcraig@tycho.ncsc.mil> Tue Feb 04 11:36:41 2014 -0500
committer: Nick Kralevich <nnk@google.com> Tue Feb 11 17:08:10 2014 +0000
tree: 6e0be59d71a71598b0b6c05df1e8e84c5d2bbfc2
parent: e21871c8b7250f5dfc746298ab170a869e6be94d [diff] [blame]
diff --git a/mediaserver.te b/mediaserver.te
index ad7cdcb..31b4818 100644
--- a/mediaserver.te
+++ b/mediaserver.te

@@ -39,7 +39,7 @@
 allow mediaserver sysfs:file rw_file_perms;
 
 # XXX Why?
-allow mediaserver { apk_data_file asec_apk_file }:file { read getattr };
+allow mediaserver apk_data_file:file { read getattr };
 
 # Access camera device.
 allow mediaserver camera_device:chr_file rw_file_perms;
commit	48b18832c476f0bd8fcb8ee3e308258392f36aaf	[log] [tgz]
author	Robert Craig <rpcraig@tycho.ncsc.mil>	Tue Feb 04 11:36:41 2014 -0500
committer	Nick Kralevich <nnk@google.com>	Tue Feb 11 17:08:10 2014 +0000
tree	6e0be59d71a71598b0b6c05df1e8e84c5d2bbfc2
parent	e21871c8b7250f5dfc746298ab170a869e6be94d [diff] [blame]