installd: add fsverity ioctls
installd calls fsverity ioctls FS_IOC_ENABLE_VERITY and
FS_IOC_SET_VERITY_MEASUREMENT on APKs in /data/app. Allow it.
Addresses the following denials:
type=1400 audit(0.0:13): avc: denied { ioctl } for comm="Binder:912_1"
path="/data/app/com.android.vending-QZXfga9NZzHdv31lJzPTdQ==/base.apk"
dev="dm-3" ino=43887 ioctlcmd=0x6686 scontext=u:r:installd:s0
tcontext=u:object_r:apk_data_file:s0 tclass=file permissive=0
type=1400 audit(0.0:40): avc: denied { ioctl } for comm="Binder:876_1"
path="/data/app/com.android.settings-0xUwDcuYseP40L3WMUTGIw==/base.apk"
dev="dm-0" ino=6855 ioctlcmd=0x6685 scontext=u:r:installd:s0
tcontext=u:object_r:apk_data_file:s0 tclass=file permissive=0
Test: policy compiles and device boots
Bug: 30972906
Change-Id: Ifc88ae6909971c2f2bb24479f5e748fc7900447d
2 files changed