From ce6e2987de0c6b1f1f031b8366174443be8f799f Mon Sep 17 00:00:00 2001
From: Alan Stokes <alanstokes@google.com>
Date: Tue, 21 Dec 2021 14:43:39 +0000
Subject: [PATCH] Allow composd to delete ART staging files

If the directory is non-empty when we start we need to delete
everything in it, but didn't have enough access:

avc: denied { getattr } for
path="/data/misc/apexdata/com.android.art/staging/boot-framework.art"
dev="dm-37" ino=57755 scontext=u:r:composd:s0
tcontext=u:object_r:apex_art_staging_data_file:s0 tclass=file
permissive=0

Bug: 205750213
Test: create files in staging/, composd_cmd test-compile
Change-Id: I3a66db7f5fbff82abcf547cb1c2b24e9c53ab158
---
 private/composd.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/private/composd.te b/private/composd.te
index 5b8f5868d..dd61e3935 100644
--- a/private/composd.te
+++ b/private/composd.te
@@ -16,6 +16,7 @@ virtualizationservice_use(composd)
 # Prepare staging directory for odrefresh
 allow composd apex_art_data_file:dir { create_dir_perms relabelfrom };
 allow composd apex_art_staging_data_file:dir { create_dir_perms relabelto };
+allow composd apex_art_staging_data_file:file { getattr unlink };
 
 # Delete files in the odrefresh target directory
 allow composd apex_art_data_file:file unlink;