Allow priv_app to search apex_data_file and read staging_data_file This changes are necessary to make files under /data/apex/active be readable by Phonesky. Test: builds Bug: 154635217 Merged-In: I14116f02f3d3f0a8390f1d968a3971f15bd4b3f2 Change-Id: I14116f02f3d3f0a8390f1d968a3971f15bd4b3f2 (cherry picked from commit 89d43a51bae00bd805db222508e42021b432c414)

commit: 01d4c9917503982ffa7b1f8098b75951e3b9a1f3 [log] [tgz]
author: Nikita Ioffe <ioffe@google.com> Wed Apr 22 00:04:04 2020 +0100
committer: Nikita Ioffe <ioffe@google.com> Fri Apr 24 23:41:13 2020 +0100
tree: fe65979485bca1dd59f1f1ecf789574f2a69caef
parent: ca10be483b5664c16cdf088119142e0333e0a73d [diff] [blame]
diff --git a/private/priv_app.te b/private/priv_app.te
index 2325716..7794ee8 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te

@@ -153,6 +153,10 @@
 # on the Incremental File System.
 allowxperm priv_app incremental_control_file:file ioctl INCFS_IOCTL_PERMIT_FILL;
 
+# Required for Phonesky to be able to read APEX files under /data/apex/active/.
+allow priv_app apex_data_file:dir search;
+allow priv_app staging_data_file:file r_file_perms;
+
 ###
 ### neverallow rules
 ###
commit	01d4c9917503982ffa7b1f8098b75951e3b9a1f3	[log] [tgz]
author	Nikita Ioffe <ioffe@google.com>	Wed Apr 22 00:04:04 2020 +0100
committer	Nikita Ioffe <ioffe@google.com>	Fri Apr 24 23:41:13 2020 +0100
tree	fe65979485bca1dd59f1f1ecf789574f2a69caef
parent	ca10be483b5664c16cdf088119142e0333e0a73d [diff] [blame]