Allow gsid to read from /storage/emulated/...
so that `gsi_tool install ... < /storage/emulated/...` can work.
Bug: 165471299
Test: adb push system.img /storage/emulated/0/Download &&
adb root && adb shell 'gsi_tool install \
--gsi-size $(du -b /storage/emulated/0/Download/system.img | cut -f1) \
< /storage/emulated/0/Download/system.img'
Change-Id: I1dd435e32a4b5b5ebe2473cc703bfdd0d755a4e7
diff --git a/private/gsid.te b/private/gsid.te
index 37eedbb..3d91eb8 100644
--- a/private/gsid.te
+++ b/private/gsid.te
@@ -77,6 +77,8 @@
allow gsid adbd:unix_stream_socket rw_socket_perms;
# gsi_tool passes a FIFO to gsid if invoked with pipe redirection.
allow gsid { shell su }:fifo_file r_file_perms;
+ # Allow installing images from /storage/emulated/...
+ allow gsid sdcard_type:file r_file_perms;
')
neverallow {