Allow system_server to read apk root hash. Bug: 231354111 Test: presubmit Change-Id: I01ec32d46014aafff58aaf94146d7a5953ec023e

commit: 0105944bbc46f346b25fabc556442cf545b61124 [log] [tgz]
author: Alex Buynytskyy <alexbuy@google.com> Wed May 04 16:30:21 2022 -0700
committer: Alex Buynytskyy <alexbuy@google.com> Wed May 04 16:30:21 2022 -0700
tree: efa5c321c42762b7e1462f6d1e69811bb598857a
parent: cec541e9ab6bcd80d667f8bb2a919cb86539ce11 [diff]
diff --git a/private/system_server.te b/private/system_server.te
index 9eea9c1..4d44736 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -1075,6 +1075,10 @@
   FS_IOC_ENABLE_VERITY FS_IOC_MEASURE_VERITY
 };
 
+allowxperm system_server system_file:file ioctl {
+  FS_IOC_MEASURE_VERITY
+};
+
 # Postinstall
 #
 # For OTA dexopt, allow calls coming from postinstall.
commit	0105944bbc46f346b25fabc556442cf545b61124	[log] [tgz]
author	Alex Buynytskyy <alexbuy@google.com>	Wed May 04 16:30:21 2022 -0700
committer	Alex Buynytskyy <alexbuy@google.com>	Wed May 04 16:30:21 2022 -0700
tree	efa5c321c42762b7e1462f6d1e69811bb598857a
parent	cec541e9ab6bcd80d667f8bb2a919cb86539ce11 [diff]