Merge "Allow system_server to enable fs-verity."

2022-12-21 01:24:43 +00:00 · 2022-12-21 01:24:43 +00:00 · 3ca356b7df
commit 3ca356b7df
parent b6066c2261 ff577a00b8
1 changed files with 1 additions and 1 deletions
--- a/private/system_server.te
+++ b/private/system_server.te
@ -1087,7 +1087,7 @@ set_prop(system_server, system_adbd_prop)
 allow system_server toolbox_exec:file rx_file_perms;

 # Allow system process to setup fs-verity
-allowxperm system_server apk_data_file:file ioctl FS_IOC_ENABLE_VERITY;
+allowxperm system_server { apk_data_file system_data_file apex_system_server_data_file }:file ioctl FS_IOC_ENABLE_VERITY;

 # Allow system process to measure fs-verity for apps, apps being installed and system files
 allowxperm system_server { apk_data_file apk_tmp_file system_file }:file ioctl FS_IOC_MEASURE_VERITY;