tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Allow system server to read /vendor/apex.

Browse source 
PackageManager needs to access these data to inspect APK signatures.

Test: installed apex.test under /vendor/apex and verified it is
recognized.
Change-Id: I657958631939d67ee04c0836001f52c212a0a35d
This commit is contained in:
Dario Freni 2019-10-15 12:44:04 +01:00
parent 2a6c860a94
commit 4d3e9e7571
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
private/system_server.te
View file

@ -1002,6 +1002,12 @@ wakelock_use(system_server)
allow system_server apex_data_file:dir { getattr search };
allow system_server apex_data_file:file r_file_perms;
# Allow the system server to read files under /vendor/apex. This is where
# vendor APEX packages might be installed and system_server needs to parse
# these packages to inspect the signatures and other metadata.
allow system_server vendor_apex_file:dir { getattr search };
allow system_server vendor_apex_file:file r_file_perms;
# Allow PasswordSlotManager rw access to /metadata/password_slots, so GSIs and the host image can
# communicate which slots are available for use.
allow system_server metadata_file:dir search;