Allow shell to read updated APEXes
This is useful for certain tests. Note that it is already possible to access these files without root via adb pull, since adbd has access. Shell also already has access to non-updated APEXes on /system/apex. Bug: 220918654 Test: adb unroot; pm install --apex /data/apex/decompressed/X.decompressed.apex Change-Id: I35725499365b297a64c9005c8e45325531d3991d
parent
a4e2f0ce01
commit
5490752cfc
2 changed files with 5 additions and 0 deletions
|
@ -245,6 +245,7 @@ neverallow {
|
|||
-installd
|
||||
-iorap_inode2filename
|
||||
-priv_app
|
||||
-shell
|
||||
-virtualizationservice
|
||||
-crosvm
|
||||
} staging_data_file:file *;
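Review bot: The `-shell` entry in this exclusion set lifts the neverallow for every permission (`*`) on `staging_data_file:file`, while the allow rule in the other file grants only `r_file_perms`. After this change nothing at policy build time stops a later rule from giving shell write, rename or unlink on these files, which the commit message shows being used as package-install input. A narrow companion rule such as `neverallow shell staging_data_file:file no_w_file_perms;` would keep the exemption read-only. The neverallow block starts above this hunk, so its full source set is not visible here.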
|
||||
|
|
|
@ -130,6 +130,10 @@ allow shell apex_info_file:file r_file_perms;
|
|||
allow shell vendor_apex_file:file r_file_perms;
|
||||
allow shell vendor_apex_file:dir r_dir_perms;
|
||||
|
||||
# Allow shell to read updated APEXes under /data/apex
|
||||
allow shell apex_data_file:dir search;
|
||||
allow shell staging_data_file:file r_file_perms;
|
||||
|
||||
# Set properties.
|
||||
set_prop(shell, shell_prop)
|
||||
set_prop(shell, ctl_bugreport_prop)
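Review bot: The comment above the new rules names a path (`/data/apex`), but `allow shell staging_data_file:file r_file_perms;` is granted on a type, so it applies to every file with that label that shell can reach through searchable directories. If the label is also used for staging content outside `/data/apex` (not visible on this page), the read access extends there too. I would have the comment state the scope and intent, e.g. `# Type-wide, read-only; adbd already has equivalent access (b/220918654)`. Since the stated motivation is tests, it is also worth confirming that the grant is meant for user builds and should not be wrapped in `userdebug_or_eng(...)`.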
|
||||
|
|