[selinux] allow priv_app to get incremental progress
This allows phonesky to get incremental install progress.
Addresses denial message like below:
W/BlockingExecuto: type=1400 audit(0.0:5582): avc: denied { ioctl } for path="/data/incremental/MT_data_app_vmdl133/mount/.index/04abf89d12c3fe8f6fe9b381a670255c" dev="incremental-fs" ino=52957 ioctlcmd=0x6722 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:apk_data_file:s0 tclass=file permissive=0 app=com.android.vending
Test: builds
BUG: 172965880
Change-Id: Ibecd4e07746e7bb3ca6bdf762382744b38f677cb
This commit is contained in:
Songchun Fan
parent
6691c9c411
commit
b4c9491aed
1 changed files with 2 additions and 1 deletions
|
|
@ -156,11 +156,12 @@ allow priv_app system_server:udp_socket {
|
|||
r_dir_file(priv_app, sysfs_fs_incfs_features)
|
||||
|
||||
# allow apps like Phonesky to check the file signature of an apk installed on
|
||||
# the Incremental File System, fill missing blocks and get the app status
|
||||
# the Incremental File System, fill missing blocks and get the app status and loading progress
|
||||
allowxperm priv_app apk_data_file:file ioctl {
|
||||
INCFS_IOCTL_READ_SIGNATURE
|
||||
INCFS_IOCTL_FILL_BLOCKS
|
||||
INCFS_IOCTL_GET_BLOCK_COUNT
|
||||
INCFS_IOCTL_GET_FILLED_BLOCKS
|
||||
};
|
||||
|
||||
# allow privileged data loader apps (e.g. com.android.vending) to read logs from Incremental File System
|
||||
|
|
|
|||
Loading…
Reference in a new issue