From b4c9491aed442837558a2b860d8a0c2182ea5fd0 Mon Sep 17 00:00:00 2001
From: Songchun Fan
Date: Tue, 9 Feb 2021 14:33:24 -0800
Subject: [PATCH] [selinux] allow priv_app to get incremental progress
This allows phonesky to get incremental install progress.
Addresses denial message like below:
W/BlockingExecuto: type=1400 audit(0.0:5582): avc: denied { ioctl } for path="/data/incremental/MT_data_app_vmdl133/mount/.index/04abf89d12c3fe8f6fe9b381a670255c" dev="incremental-fs" ino=52957 ioctlcmd=0x6722 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:apk_data_file:s0 tclass=file permissive=0 app=com.android.vending
Test: builds
BUG: 172965880
Change-Id: Ibecd4e07746e7bb3ca6bdf762382744b38f677cb
---
 private/priv_app.te | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/private/priv_app.te b/private/priv_app.te
index 4b0218e6c..1857af8ea 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -156,11 +156,12 @@ allow priv_app system_server:udp_socket {
 r_dir_file(priv_app, sysfs_fs_incfs_features)
 # allow apps like Phonesky to check the file signature of an apk installed on
-# the Incremental File System, fill missing blocks and get the app status
+# the Incremental File System, fill missing blocks and get the app status and loading progress
 allowxperm priv_app apk_data_file:file ioctl {
 INCFS_IOCTL_READ_SIGNATURE
 INCFS_IOCTL_FILL_BLOCKS
 INCFS_IOCTL_GET_BLOCK_COUNT
+ INCFS_IOCTL_GET_FILLED_BLOCKS
 };
 # allow privileged data loader apps (e.g. com.android.vending) to read logs from Incremental File System
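Review bot: The new `INCFS_IOCTL_GET_FILLED_BLOCKS` entry in the `allowxperm priv_app apk_data_file:file ioctl` list is granted to the whole `priv_app` domain, but the comment above it still describes the rule as being for "apps like Phonesky". The comment should state the real scope, for example by adding `# Note: this grant covers every priv_app process, not only the installer.` The denial quoted in the description identifies the ioctl only by number (`ioctlcmd=0x6722`), and the macro's definition is outside this patch. It is worth confirming on a device that the name resolves to that value and the denial disappears, because `Test: builds` would not catch a mismatch. The reworded comment line is also much longer than its neighbours and could be wrapped onto a third `#` line.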