tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

postinstall_dexopt: allow reading odsign.verification.status

Browse source 
Allows dexopt to read odsign verification status and use on-device
generated artifacts when dexopting after an OTA.

Bug: 194069492
Test: manually apply ota, see no denials for reading property
Change-Id: I97acfc17ffd9291d1a81906c75039f01624dff0f
This commit is contained in:
Orion Hodson 2021-07-19 18:58:43 +01:00
parent e1389977e0
commit 5fcce9ded3
2 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
prebuilts/api/31.0/private/postinstall_dexopt.te
View file

@ -32,6 +32,9 @@ allow postinstall_dexopt rootfs:file r_file_perms;
allow postinstall_dexopt tmpfs:file read; allow postinstall_dexopt tmpfs:file read;
# Allow access odsign verification status
get_prop(postinstall_dexopt, odsign_prop)
# Allow access to /postinstall/apex. # Allow access to /postinstall/apex.
allow postinstall_dexopt postinstall_apex_mnt_dir:dir { getattr search }; allow postinstall_dexopt postinstall_apex_mnt_dir:dir { getattr search };

3
private/postinstall_dexopt.te
View file

@ -32,6 +32,9 @@ allow postinstall_dexopt rootfs:file r_file_perms;
allow postinstall_dexopt tmpfs:file read; allow postinstall_dexopt tmpfs:file read;
# Allow access odsign verification status
get_prop(postinstall_dexopt, odsign_prop)
# Allow access to /postinstall/apex. # Allow access to /postinstall/apex.
allow postinstall_dexopt postinstall_apex_mnt_dir:dir { getattr search }; allow postinstall_dexopt postinstall_apex_mnt_dir:dir { getattr search };