tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Allow apexd to call derive_classpath binary

Browse source 
This will allow apexd to determine if a staged apex contributes to
classpath or not.

Bug: 187444679
Test: atest ApexTestCases
Test: atest StagedInstallInternalTest
Change-Id: I336001ef1dab3aa45835662eecc02d63645b5980
This commit is contained in:
Samiul Islam 2021-10-08 12:35:22 +01:00
parent 43352fab2d
commit 9237163c26
2 changed files with 12 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
private/apexd.te
View file

@ -186,3 +186,6 @@ allow apexd postinstall_apex_mnt_dir:dir { create_dir_perms mounton };
allow apexd postinstall_apex_mnt_dir:file { create_file_perms relabelfrom };
allow apexd postinstall_apex_mnt_dir:lnk_file create;
allow apexd proc_filesystems:file r_file_perms;
# Allow calling derive_classpath to gather BCP information for staged sessions
domain_auto_trans(apexd, derive_classpath_exec, apexd_derive_classpath);

9
private/apexd_derive_classpath.te Normal file
View file

@ -0,0 +1,9 @@
# Exclusive domain for apexd calling into derive_classpath binary
type apexd_derive_classpath, domain, coredomain;
# Allow the binary to write into output file at location /apex/derive_classpath_temp
allow apexd_derive_classpath apexd:fd use;
allow apexd_derive_classpath apex_mnt_dir:file { write open };
# Allow the binary to log using logwrap
allow apexd_derive_classpath apexd_devpts:chr_file { read write };