platform_system_sepolicy/private/apexd_derive_classpath.te
Samiul Islam 9237163c26 Allow apexd to call derive_classpath binary
This will allow apexd to determine if a staged apex contributes to
classpath or not.

Bug: 187444679
Test: atest ApexTestCases
Test: atest StagedInstallInternalTest
Change-Id: I336001ef1dab3aa45835662eecc02d63645b5980
2021-10-28 16:27:09 +01:00

9 lines
415 B
Text

# Exclusive domain for apexd calling into derive_classpath binary
type apexd_derive_classpath, domain, coredomain;
# Allow the binary to write into output file at location /apex/derive_classpath_temp
allow apexd_derive_classpath apexd:fd use;
allow apexd_derive_classpath apex_mnt_dir:file { write open };
# Allow the binary to log using logwrap
allow apexd_derive_classpath apexd_devpts:chr_file { read write };