Allow composd to create odrefresh staging directory composd in responsible to prepare the staging directory for odrefresh (in the VM) to write the output to. Temporary output should be put in a staged directory with a temporary apex_art_staging_data_file context. When a compilation is finished, the files can then be moved to the final directory with the final context. Bug: 205750213 Test: No denials Change-Id: I9444470b31518242c1bb84fc755819d459d21d68

commit: 33aa1a3c527067aa68d194e90df885d12e31ed2b [log] [tgz]
author: Victor Hsieh <victorhsieh@google.com> Fri Dec 03 16:46:18 2021 -0800
committer: Victor Hsieh <victorhsieh@google.com> Mon Dec 06 08:41:31 2021 -0800
tree: d3ab1c350f14d4f8c48535067a95c0a33436caaa
parent: 1f117c26c6054716a279d6155eb161f7c65b7ba4 [diff] [blame]
diff --git a/private/composd.te b/private/composd.te
index e41533b..41f1a9b 100644
--- a/private/composd.te
+++ b/private/composd.te

@@ -13,6 +13,10 @@
 # Start a VM
 virtualizationservice_use(composd)
 
+# Allow preparing staging directory for odrefresh
+allow composd apex_art_data_file:dir { create_dir_perms relabelfrom };
+allow composd apex_art_staging_data_file:dir { create_dir_perms relabelto };
+
 # Access our APEX data files
 allow composd apex_module_data_file:dir search;
 allow composd apex_compos_data_file:dir create_dir_perms;
commit	33aa1a3c527067aa68d194e90df885d12e31ed2b	[log] [tgz]
author	Victor Hsieh <victorhsieh@google.com>	Fri Dec 03 16:46:18 2021 -0800
committer	Victor Hsieh <victorhsieh@google.com>	Mon Dec 06 08:41:31 2021 -0800
tree	d3ab1c350f14d4f8c48535067a95c0a33436caaa
parent	1f117c26c6054716a279d6155eb161f7c65b7ba4 [diff] [blame]