platform_system_sepolicy/private/apex_test_prepostinstall.te
Andreas Gampe 261ea86192 Sepolicy: Initial Apexd pre-/postinstall rules
Give apexd permission to execute sh.

Add userdebug_or_eng domains and rules for the test
APEX for pre- and post-install.

Bug: 119260955
Bug: 119261380
Test: atest apexservice_test
Change-Id: I0c4a5e35e096101a53c9d1f212d2db2e63728267
2019-01-24 15:06:17 -08:00


# APEX pre- & post-install test.
#
# Allow to run pre- and post-install hooks for APEX test modules
# in debuggable builds.
#
# The two types are declared unconditionally, but every allow rule
# below sits inside the userdebug_or_eng block, so this file grants
# the domain nothing on user builds.
# NOTE(review): no transition into this domain is defined in this
# file; confirm where the entry point and transition rules live.
type apex_test_prepostinstall, domain, coredomain;
type apex_test_prepostinstall_exec, system_file_type, exec_type, file_type;
userdebug_or_eng(`
# Use file descriptors owned by the apexd domain. The original note
# here reads /dev/zero - presumably an fd on /dev/zero that apexd
# hands to the hook; TODO confirm.
allow apex_test_prepostinstall apexd:fd use;
# Logwrapper: the domain needs a pty of its own.
create_pty(apex_test_prepostinstall)
# Logwrapper executing sh: read and execute the shell binary.
# NOTE(review): no transition is declared in this file, so sh
# presumably runs inside this same domain - confirm against the
# definition of the permission set used below.
allow apex_test_prepostinstall shell_exec:file rx_file_perms;
# Logwrapper exec: run a file labelled system_file without leaving
# this domain.
# NOTE(review): system_file is a shared label, so this rule is wider
# than logwrapper alone; it should stay limited to debuggable builds.
allow apex_test_prepostinstall system_file:file execute_no_trans;
# Ls: read and execute the toolbox binary.
allow apex_test_prepostinstall toolbox_exec:file rx_file_perms;
')