postinstall_dexopt: allow reading odsign.verification.status

Allows dexopt to read odsign verification status and use on-device
generated artifacts when dexopting after an OTA.

Bug: 194069492
Test: manually apply ota, see no denials for reading property
Change-Id: I97acfc17ffd9291d1a81906c75039f01624dff0f
This commit is contained in:
Orion Hodson 2021-07-19 18:58:43 +01:00
parent e1389977e0
commit 5fcce9ded3
2 changed files with 6 additions and 0 deletions

View file

@ -32,6 +32,9 @@ allow postinstall_dexopt rootfs:file r_file_perms;
allow postinstall_dexopt tmpfs:file read;
# Allow access odsign verification status
get_prop(postinstall_dexopt, odsign_prop)
# Allow access to /postinstall/apex.
allow postinstall_dexopt postinstall_apex_mnt_dir:dir { getattr search };

View file

@ -32,6 +32,9 @@ allow postinstall_dexopt rootfs:file r_file_perms;
allow postinstall_dexopt tmpfs:file read;
# Allow access odsign verification status
get_prop(postinstall_dexopt, odsign_prop)
# Allow access to /postinstall/apex.
allow postinstall_dexopt postinstall_apex_mnt_dir:dir { getattr search };