Allow apps to read apex_art_data_file:dir This should be ok since apps are already allowed to read the contained files; the dir is iterated by tests to ensure that all files are signed correctly. Bug: 165630556 Test: new test passes Change-Id: Ib6c298f2b267839a802c17288230a8151a1eec86

commit: 4825e8662d84e01ea043a78a04130e86c014d8aa [log] [tgz]
author: Martijn Coenen <maco@google.com> Mon Mar 29 13:51:35 2021 +0200
committer: Martijn Coenen <maco@google.com> Mon Mar 29 13:51:47 2021 +0200
tree: aebc8228bfc73807db078a5dc75c3439272f9609
parent: 48740d0d6be5fec95ac5559df31817822308fe28 [diff]
diff --git a/private/app.te b/private/app.te
index 33593aa..0c81515 100644
--- a/private/app.te
+++ b/private/app.te

@@ -67,8 +67,10 @@
 allow appdomain font_data_file:file r_file_perms;
 allow appdomain font_data_file:dir r_dir_perms;
 
+# Enter /data/misc/apexdata/
+allow appdomain apex_module_data_file:dir search;
 # Read /data/misc/apexdata/com.android.art
-allow appdomain { apex_art_data_file apex_module_data_file }:dir search;
+allow appdomain apex_art_data_file:dir r_dir_perms;
 allow appdomain apex_art_data_file:file r_file_perms;
 
 # Allow access to tombstones if an fd to one is given to you.
commit	4825e8662d84e01ea043a78a04130e86c014d8aa	[log] [tgz]
author	Martijn Coenen <maco@google.com>	Mon Mar 29 13:51:35 2021 +0200
committer	Martijn Coenen <maco@google.com>	Mon Mar 29 13:51:47 2021 +0200
tree	aebc8228bfc73807db078a5dc75c3439272f9609
parent	48740d0d6be5fec95ac5559df31817822308fe28 [diff]