[sepolicy] allow installd to query apps installed on Incremental File System
[Cherry-pick from AOSP] Addresses denial messages like: 06-10 19:36:56.269 1214 1214 I Binder:1214_5: type=1400 audit(0.0:58): avc: denied { use } for path="/data/incremental/MT_data_app_vmdl199/backing_store/st_2_1/com.unity.megacity-HlbmeQJjThgePchBlByuoQ==" dev="dm-5" ino=10445 scontext=u:r:installd:s0 tcontext=u:r:vold:s0 tclass=fd permissive=1 06-10 19:36:56.516 1214 1214 I Binder:1214_6: type=1400 audit(0.0:59): avc: denied { use } for path="/data/incremental/MT_data_app_vmdl199/backing_store/st_2_1/com.unity.megacity-HlbmeQJjThgePchBlByuoQ==" dev="dm-5" ino=10445 scontext=u:r:installd:s0 tcontext=u:r:vold:s0 tclass=fd permissive=1 BUG: 190699430 Test: manual Change-Id: Iee4bdb382b6af5bc8cd63fde2c0db5f0b9b4f02b Merged-In: Iee4bdb382b6af5bc8cd63fde2c0db5f0b9b4f02b
This commit is contained in:
parent
b662d65f19
commit
a357042fa5
1 changed files with 4 additions and 0 deletions
|
@ -160,6 +160,10 @@ allow installd proc_filesystems:file r_file_perms;
|
|||
#add for move app to sd card
|
||||
get_prop(installd, storage_config_prop)
|
||||
|
||||
# Allow installd to access apps installed on the Incremental File System
|
||||
# Accessing files on the Incremental File System uses fds opened in the context of vold.
|
||||
allow installd vold:fd use;
|
||||
|
||||
###
|
||||
### Neverallow rules
|
||||
###
|
||||
|
|
Loading…
Reference in a new issue