Merge "Allow vendor_overlay_file from vendor apex" am: ad08877b4d

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2618632

Change-Id: I762e8a8848868268804b2d9d2012246e5fcc0707
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
Jooyung Han 2023-06-09 06:31:34 +00:00 committed by Automerger Merge Worker
commit cef75edc33
5 changed files with 11 additions and 1 deletions


@ -39,9 +39,11 @@ allow artd apk_data_file:file r_file_perms;
# Read access to vendor APKs ({/vendor,/odm}/{app,priv-app}/...).
r_dir_file(artd, vendor_app_file)
# Read access to vendor overlay APKs ({/vendor,/odm,/oem}/overlay/...).
# Read access to vendor overlay APKs ({/vendor,/odm,/oem,/apex/*}/overlay/...).
allow artd oemfs:dir { getattr search };
r_dir_file(artd, vendor_overlay_file)
# Vendor overlay can be found in vendor apex
allow artd vendor_apex_metadata_file:dir { getattr search };
# Read access to vendor shared libraries ({/vendor,/odm}/framework/...).
r_dir_file(artd, vendor_framework_file)
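Review bot: The added comment `# Vendor overlay can be found in vendor apex` does not say why a rule on `vendor_apex_metadata_file` is needed to read `vendor_overlay_file`, and the same pair of lines is repeated in the dex2oat, postinstall_dexopt, rs and installd sections. Presumably the type labels the directory a vendor APEX is mounted at, so the grant is path traversal only; a comment such as `# Traverse the vendor APEX root dir to reach overlay APKs inside it; dir getattr/search only, no file access.` would make that least-privilege intent explicit for whoever audits these domains later. The updated path comment `{/vendor,/odm,/oem,/apex/*}/overlay/...` also reads as any APEX, while the commit title limits the change to vendor APEXes; saying so would avoid suggesting a broader grant than the rule gives.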


@ -12,6 +12,8 @@ allow dex2oat vendor_framework_file:dir { getattr search };
allow dex2oat vendor_framework_file:file { getattr open read map };
# Access /vendor/overlay
r_dir_file(dex2oat, vendor_overlay_file);
# Vendor overlay can be found in vendor apex
allow dex2oat vendor_apex_metadata_file:dir { getattr search };
allow dex2oat tmpfs:file { read getattr map };
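Review bot: The existing comment `# Access /vendor/overlay` above `r_dir_file(dex2oat, vendor_overlay_file);` is now out of date, since the new rule exists because overlays may also live in a vendor APEX; the artd section updated its path comment but this one was left as is. Suggest `# Access vendor overlay APKs (/vendor/overlay or a vendor APEX)`. The installd section has the same stale wording in `# Scan through Runtime Resource Overlay APKs in /vendor/overlay`.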


@ -47,6 +47,8 @@ r_dir_file(postinstall_dexopt, apk_data_file)
r_dir_file(postinstall_dexopt, vendor_app_file)
# Read vendor overlay files (APKs) as input to dex2oat.
r_dir_file(postinstall_dexopt, vendor_overlay_file)
# Vendor overlay can be found in vendor apex
allow postinstall_dexopt vendor_apex_metadata_file:dir { getattr search };
# Access to app oat directory.
r_dir_file(postinstall_dexopt, dalvikcache_data_file)


@ -19,6 +19,8 @@ allow rs { app_data_file privapp_data_file }:dir remove_name;
allow rs vendor_file:dir r_dir_perms;
r_dir_file(rs, vendor_overlay_file)
r_dir_file(rs, vendor_app_file)
# Vendor overlay can be found in vendor apex
allow rs vendor_apex_metadata_file:dir { getattr search };
# Read contents of app apks
r_dir_file(rs, apk_data_file)
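Review bot: The new comment and rule are placed after `r_dir_file(rs, vendor_app_file)` rather than directly after `r_dir_file(rs, vendor_overlay_file)`, so the overlay comment appears to describe the vendor app rule; the other four sections put it right after the overlay line. Moving the two added lines up one line would keep the grant next to the rule it supports. It may also be worth confirming that rs needs to reach overlays inside vendor APEXes at all, since nothing on this page shows why this domain requires the extra directory access.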


@ -33,6 +33,8 @@ r_dir_file(installd, vendor_app_file)
r_dir_file(installd, vendor_framework_file)
# Scan through Runtime Resource Overlay APKs in /vendor/overlay
r_dir_file(installd, vendor_overlay_file)
# Vendor overlay can be found in vendor apex
allow installd vendor_apex_metadata_file:dir { getattr search };
# Get file context
allow installd file_contexts_file:file r_file_perms;
# Get seapp_context