Merge "Re-label /data/pkg_staging files as staging."

commit: 9596d6d4c770dce5df7ddbe7f772cbc024daaa17 [log] [tgz]
author: Treehugger Robot <treehugger-gerrit@google.com> Wed Apr 10 16:30:21 2019 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Wed Apr 10 16:30:21 2019 +0000
tree: ef78814bfa2e2bb3688f5bafc5778b22e799a610
parent: e8bdbdeeabb557910cafa52cc6c41fb09c491a89 [diff]
parent: e7aaa0c273f6075684d6ddfc4c30495ebc069aa2 [diff]
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 17f4111..fcdd653 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te

@@ -339,6 +339,7 @@
 # They must use ASharedMemory NDK API instead.
 neverallow {
   all_untrusted_apps
+  -ephemeral_app
   -untrusted_app_25
   -untrusted_app_27
 } ashmem_device:chr_file open;

diff --git a/private/ephemeral_app.te b/private/ephemeral_app.te
index a94c637..1283e21 100644
--- a/private/ephemeral_app.te
+++ b/private/ephemeral_app.te

@@ -65,7 +65,7 @@
 allow ephemeral_app system_server:udp_socket {
         connect getattr read recvfrom sendto write getopt setopt };
 
-allow ephemeral_app ashmem_device:chr_file { getattr read ioctl lock map append write };
+allow ephemeral_app ashmem_device:chr_file rw_file_perms;
 
 ###
 ### neverallow rules
commit	9596d6d4c770dce5df7ddbe7f772cbc024daaa17	[log] [tgz]
author	Treehugger Robot <treehugger-gerrit@google.com>	Wed Apr 10 16:30:21 2019 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Wed Apr 10 16:30:21 2019 +0000
tree	ef78814bfa2e2bb3688f5bafc5778b22e799a610
parent	e8bdbdeeabb557910cafa52cc6c41fb09c491a89 [diff]
parent	e7aaa0c273f6075684d6ddfc4c30495ebc069aa2 [diff]