Merge "Adding more permission for selinux to some attributes and flags"

commit: 2df2acd1e8d209a5fb549e4fa5205f3969f9ba32 [log] [tgz]
author: Shikha Malhotra <shikhamalhotra@google.com> Wed Mar 09 08:19:09 2022 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Wed Mar 09 08:19:09 2022 +0000
tree: 6de2aeee291fe15dd777a8987bc68408701baeba
parent: 631f68045ecb77ea72577a6667b213859dc563b6 [diff]
parent: ddfb8a99cccdbcb1719792d6a11106cc623b8830 [diff]
diff --git a/public/installd.te b/public/installd.te
index 1ef4fc7..b0b2815 100644
--- a/public/installd.te
+++ b/public/installd.te

@@ -115,6 +115,15 @@
 allow installd app_data_file_type:dir { create_dir_perms relabelfrom relabelto };
 allow installd app_data_file_type:notdevfile_class_set { create_file_perms relabelfrom relabelto };
 
+# Allow setting extended attributes (for project quota IDs) on dirs
+# and to enable project ID inheritance through FS_IOC_SETFLAGS
+allowxperm installd { app_data_file_type system_data_file }:{ dir file } ioctl {
+  FS_IOC_FSGETXATTR
+  FS_IOC_FSSETXATTR
+  FS_IOC_GETFLAGS
+  FS_IOC_SETFLAGS
+};
+
 # Similar for the files under /data/misc/profiles/
 allow installd user_profile_root_file:dir { create_dir_perms relabelfrom };
 allow installd user_profile_data_file:dir { create_dir_perms relabelto };
commit	2df2acd1e8d209a5fb549e4fa5205f3969f9ba32	[log] [tgz]
author	Shikha Malhotra <shikhamalhotra@google.com>	Wed Mar 09 08:19:09 2022 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Wed Mar 09 08:19:09 2022 +0000
tree	6de2aeee291fe15dd777a8987bc68408701baeba
parent	631f68045ecb77ea72577a6667b213859dc563b6 [diff]
parent	ddfb8a99cccdbcb1719792d6a11106cc623b8830 [diff]