Merge "Allow composd to enable fs-verity to compiled artifacts" am: 15c64f5a21 am: 05d1c76bf9

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2488601

Change-Id: I2f0beca46bec3a4469b4bc7d49e1d4524987387b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
Treehugger Robot 2023-03-15 18:24:56 +00:00 committed by Automerger Merge Worker
commit 964872fbe5


@ -17,8 +17,9 @@ allow composd apex_art_data_file:dir { create_dir_perms relabelfrom };
allow composd apex_art_staging_data_file:dir { create_dir_perms relabelto };
allow composd apex_art_staging_data_file:file { getattr unlink };
# Delete files in the odrefresh target directory
allow composd apex_art_data_file:file unlink;
# Delete files or enable fs-verity in the odrefresh target directory
allow composd apex_art_data_file:file { open ioctl read unlink write };
allowxperm composd apex_art_data_file:file ioctl FS_IOC_ENABLE_VERITY;
# Access our APEX data files
allow composd apex_module_data_file:dir search;
@ -34,4 +35,4 @@ get_prop(composd, dalvik_config_prop)
get_prop(composd, device_config_runtime_native_boot_prop)
# We never create any artifact files directly
neverallow composd apex_art_data_file:file ~unlink;
neverallow composd apex_art_data_file:file create;
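Review bot: The relaxed neverallow at the end of the second hunk now blocks only `create`, whereas the earlier `~unlink` form blocked every file permission except unlink, so the build-time guard no longer bounds what later rules may grant composd on apex_art_data_file (append, rename, setattr, link and similar would all pass). Tightening it to exactly the set the new allow rule in the first hunk needs would keep the invariant: `neverallow composd apex_art_data_file:file ~{ open ioctl read unlink write };`. Because `write` is now granted so that fs-verity can be enabled, the ioctl surface is worth pinning too, for example `neverallowxperm composd apex_art_data_file:file ioctl ~{ FS_IOC_ENABLE_VERITY };`. The +/- markers are lost on this page, so this reads the `~unlink` line as removed and the `create` line as added, which is consistent with the hunk header counts.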