Allow otapreopt_chroot to use stdin and stdout pipes. Test: See https://r.android.com/2681675 Bug: 293639539 Change-Id: I89ed8bcf5b5307736c53f9b345ac8a288584afad

commit: 2d6ee0286e2a0262ecfdd8e4a45484ddbc8a1a63 [log] [tgz]
author: Martin Stjernholm <mast@google.com> Fri Jul 28 21:58:10 2023 +0100
committer: Martin Stjernholm <mast@google.com> Mon Aug 07 21:21:20 2023 +0100
tree: 84c50e3acba2c85c2071eb7643c5d2b35be18b29
parent: 9d965761ca377a49210f86bf1411df5be6f7bcf1 [diff] [blame]
diff --git a/private/otapreopt_chroot.te b/private/otapreopt_chroot.te
index ea9d4ee..73e170b 100644
--- a/private/otapreopt_chroot.te
+++ b/private/otapreopt_chroot.te

@@ -36,9 +36,10 @@
 # Allow otapreopt_chroot to read the persist.apexd.verity_on_system system property.
 get_prop(otapreopt_chroot, apexd_prop)
 
-# Allow otapreopt to use file descriptors from update-engine. It will
-# close them immediately.
+# Allow otapreopt to use file descriptors from update-engine and the postinstall
+# script. It will read dexopt commands from stdin and write progress to stdout.
 allow otapreopt_chroot postinstall:fd use;
+allow otapreopt_chroot postinstall:fifo_file { read write getattr };
 allow otapreopt_chroot update_engine:fd use;
 allow otapreopt_chroot update_engine:fifo_file write;
commit	2d6ee0286e2a0262ecfdd8e4a45484ddbc8a1a63	[log] [tgz]
author	Martin Stjernholm <mast@google.com>	Fri Jul 28 21:58:10 2023 +0100
committer	Martin Stjernholm <mast@google.com>	Mon Aug 07 21:21:20 2023 +0100
tree	84c50e3acba2c85c2071eb7643c5d2b35be18b29
parent	9d965761ca377a49210f86bf1411df5be6f7bcf1 [diff] [blame]