move untrusted_app statement to the correct file. Change-Id: I5ae9606023ef7f3489f44e6657766e922160c470

commit: 8be3e77986e573751cb74634f58c4fbacb0bcd11 [log] [tgz]
author: Nick Kralevich <nnk@google.com> Thu Mar 05 15:40:04 2015 -0800
committer: Nick Kralevich <nnk@google.com> Thu Mar 05 15:40:04 2015 -0800
tree: f5ab4579f68512c591ce748917a313f592a9080b
parent: ee66ba8c4062f6cd1ce481384d39d13e0281f8bc [diff] [blame]
diff --git a/untrusted_app.te b/untrusted_app.te
index 91cb46a..92d2cf4 100644
--- a/untrusted_app.te
+++ b/untrusted_app.te

@@ -47,6 +47,11 @@
 allow untrusted_app shell_data_file:file r_file_perms;
 allow untrusted_app shell_data_file:dir r_dir_perms;
 
+# Read and write system app data files passed over Binder.
+# Motivating case was /data/data/com.android.settings/cache/*.jpg for
+# cropping or taking user photos.
+allow untrusted_app system_app_data_file:file { read write getattr };
+
 #
 # Rules migrated from old app domains coalesced into untrusted_app.
 # This includes what used to be media_app, shared_app, and release_app.
commit	8be3e77986e573751cb74634f58c4fbacb0bcd11	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Thu Mar 05 15:40:04 2015 -0800
committer	Nick Kralevich <nnk@google.com>	Thu Mar 05 15:40:04 2015 -0800
tree	f5ab4579f68512c591ce748917a313f592a9080b
parent	ee66ba8c4062f6cd1ce481384d39d13e0281f8bc [diff] [blame]