Sepolicy: Allow otapreopt access to vendor overlay files

A handful of APKs are vendor overlay files. Allow access.

Test: m
Change-Id: I791fa37a3bcb07729386047f0cda178753af9de5
This commit is contained in:
Andreas Gampe 2019-03-22 12:13:53 -07:00
parent 1a5db599ce
commit 30186cf611
2 changed files with 4 additions and 0 deletions

View file

@ -58,6 +58,7 @@ full_treble_only(`
-idmap
-init
-installd
-postinstall_dexopt
-rs # spawned by appdomain, so carryover the exception above
-system_server
-app_zygote
@ -74,6 +75,7 @@ full_treble_only(`
-idmap
-init
-installd
-postinstall_dexopt
-rs # spawned by appdomain, so carryover the exception above
-system_server
-app_zygote

View file

@ -32,6 +32,8 @@ allow postinstall_dexopt postinstall_apex_mnt_dir:dir { getattr search };
r_dir_file(postinstall_dexopt, apk_data_file)
# Read vendor app data (APKs) as input to dex2oat.
r_dir_file(postinstall_dexopt, vendor_app_file)
# Read vendor overlay files (APKs) as input to dex2oat.
r_dir_file(postinstall_dexopt, vendor_overlay_file)
# Access to app oat directory.
r_dir_file(postinstall_dexopt, dalvikcache_data_file)