Allow the kernel to read shell_data_file

In ApexTestCases, a temp file in /data/local/tmp is used via a loop device, which requires the kernel to read it. This is only allowed in userdebug/eng. Bug: 192259606 Test: ApexTestCases Change-Id: Ic7d3e67a8a3e818b43b7caead9053d82cbcbccf7
2021-07-01 00:04:41 +09:00 · 2021-07-01 00:04:41 +09:00 · 4b8ece3683
commit 4b8ece3683
parent 55badc22c1
1 changed files with 5 additions and 0 deletions
--- a/public/kernel.te
+++ b/public/kernel.te
@ -95,6 +95,11 @@ allow kernel {
  staging_data_file
  vendor_apex_file
 }:file read;
+# Also allow the kernel to read /data/local/tmp files via loop device
+# for ApexTestCases
+userdebug_or_eng(`
+  allow kernel shell_data_file:file read;
+')

 # Allow the first-stage init (which is running in the kernel domain) to execute the
 # dynamic linker when it re-executes /init to switch into the second stage.