Allow gsid to read from FIFO
`gsid` may receive a FIFO if invoked via `gsi_tool`.
For the `su root` case, allow `gsid` to read `shell` FIFO.
For the `adb root` case, allow `gsid` to read `su` FIFO.
Move `gsi_tool` related allow rules to userdebug and
eng build only, because these are development features
that require root permission, thus shouldn't be shipped
on a user build.
Bug: 166589508
Test: adb unroot && gzip -c system.raw | adb shell "zcat | su root gsi_tool install ..."
Test: adb root && gzip -c system.raw | adb shell "zcat | gsi_tool install ..."
Change-Id: I779e4d49eb57240b1a5422139d7683dbac0da988
diff --git a/private/gsid.te b/private/gsid.te
index 9d07adb..37eedbb 100644
--- a/private/gsid.te
+++ b/private/gsid.te
@@ -69,10 +69,15 @@
# requirement, but the kernel does not implement FIEMAP support for VFAT.
allow gsid self:global_capability_class_set sys_rawio;
-# gsi_tool passes the system image over the adb connection, via stdin.
-allow gsid adbd:fd use;
-# Needed when running gsi_tool through "su root" rather than adb root.
-allow gsid adbd:unix_stream_socket rw_socket_perms;
+# Allow rules for gsi_tool.
+userdebug_or_eng(`
+ # gsi_tool passes the system image over the adb connection, via stdin.
+ allow gsid adbd:fd use;
+ # Needed when running gsi_tool through "su root" rather than adb root.
+ allow gsid adbd:unix_stream_socket rw_socket_perms;
+ # gsi_tool passes a FIFO to gsid if invoked with pipe redirection.
+ allow gsid { shell su }:fifo_file r_file_perms;
+')
neverallow {
domain