From 7c81cab94eb78dcc09e4f93c0d5002265fb70813 Mon Sep 17 00:00:00 2001
From: Shikha Malhotra
Date: Thu, 17 Mar 2022 10:40:20 +0000
Subject: [PATCH] Added permission to allow for ioctl to be added to install_data_file This is in addition to allowing setting of extended attributes (for project quota IDs) on files and dirs and to enable project ID inheritance through FS_IOC_SETFLAGS
Bug: b/215154615
Test: atest installd/StorageHostTest
Test: atest installd/installd_service_test.cpp
Change-Id: I769ae7ed110175dbb5d511a4345c57057d71ae64
---
 public/installd.te | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/public/installd.te b/public/installd.te
index b0b2815ba..84ef1fd48 100644
--- a/public/installd.te
+++ b/public/installd.te
@@ -115,9 +115,10 @@ allow installd system_data_file:notdevfile_class_set { getattr relabelfrom unlin
 allow installd app_data_file_type:dir { create_dir_perms relabelfrom relabelto };
 allow installd app_data_file_type:notdevfile_class_set { create_file_perms relabelfrom relabelto };
 
-# Allow setting extended attributes (for project quota IDs) on dirs
+# Allow setting extended attributes (for project quota IDs) on dirs and files
 # and to enable project ID inheritance through FS_IOC_SETFLAGS
-allowxperm installd { app_data_file_type system_data_file }:{ dir file } ioctl {
+# Added install_data_file to be able to create file under /data/misc/installd/ioctl_check
+allowxperm installd { app_data_file_type system_data_file install_data_file}:{ dir file } ioctl {
 FS_IOC_FSGETXATTR
 FS_IOC_FSSETXATTR
 FS_IOC_GETFLAGS
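Review bot: Adding `install_data_file` to the shared `allowxperm` target set gives installd the whole ioctl list (including the visible `FS_IOC_FSSETXATTR`) on both `dir` and `file` objects of that type, while the new comment only describes creating one file under /data/misc/installd/ioctl_check. If the check issues only some of these ioctls on a regular file, a separate rule would be narrower, for example `allowxperm installd install_data_file:file ioctl { <ioctls the check issues> };`, where the braces hold a placeholder list. An xperm rule for a type also acts as a whitelist, so it is worth confirming that installd issues no other ioctl on /data/misc/installd, which would presumably start being denied. The new comment would age better if it described the rule rather than the change, and `install_data_file}` lacks the space before the brace that the rest of the statement uses. The ioctl list and the closing `};` continue outside the hunk.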