tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Allow appdomain to read dir and files under vendor_microdroid_file

Browse source 
For testing purpose, now we need to use microdroid vendor image for the
production due to vendor hashtree digest value comes from the
bootloader. In the past, we've used distinguished image file for testing
purpose, but we can't now.

Bug: 323768068
Test: atest MicrodroidTests#bootsWithVendorPartition
Test: atest MicrodroidBenchmarks#testMicrodroidDebugBootTime_withVendorPartition
Change-Id: Ic58e51466da0273cf27219d9228f33000e0ecb88
This commit is contained in:
Seungjae Yoo 2024-02-13 13:47:36 +09:00
parent d88d8959a8
commit 01c4f57431
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
private/app.te
View file

@ -146,6 +146,9 @@ not_full_treble(`allow { appdomain -ephemeral_app -sdk_sandbox_all } vendor_file
r_dir_file({ appdomain -ephemeral_app -sdk_sandbox_all }, vendor_app_file)
allow { appdomain -ephemeral_app -sdk_sandbox_all } vendor_app_file:file execute;
# Allow apps to read microdroid related files in vendor partition for CTS purpose.
r_dir_file({ appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all }, vendor_microdroid_file)
# Perform binder IPC to sdk sandbox.
binder_call(appdomain, sdk_sandbox_all)