selinux: allow system server access aconfigd socket During storage migration, we need to route aconfig flag write requests from settingsprovider to aconfig storage daemon via aconfigd unix domain socket. Bug: b/312444587 Test: m and avd Change-Id: I051d1ed42bf51f2ebd90cbd590237cd9213f0bde

commit: 62f4363b39d8b0a75d736a9bd4972190f67bfe32 [log] [tgz]
author: Dennis Shen <dzshen@google.com> Thu May 02 18:20:25 2024 +0000
committer: Dennis Shen <dzshen@google.com> Thu May 02 18:20:25 2024 +0000
tree: bd5e5cb6460d62757510912d261fd2bd278c4ef6
parent: 1c9073773233fe598a89250e32d6ed3d1abd8d8c [diff] [blame]
diff --git a/private/system_server.te b/private/system_server.te
index 5c210c3..52b7684 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -1493,6 +1493,9 @@
 allow system_server aconfig_storage_flags_metadata_file:file create_file_perms;
 allow system_server aconfig_storage_metadata_file:dir search;
 
+allow system_server aconfigd_socket:sock_file {read write};
+allow system_server aconfigd:unix_stream_socket connectto;
+
 allow system_server aconfig_test_mission_files:dir create_dir_perms;
 allow system_server aconfig_test_mission_files:file create_file_perms;
commit	62f4363b39d8b0a75d736a9bd4972190f67bfe32	[log] [tgz]
author	Dennis Shen <dzshen@google.com>	Thu May 02 18:20:25 2024 +0000
committer	Dennis Shen <dzshen@google.com>	Thu May 02 18:20:25 2024 +0000
tree	bd5e5cb6460d62757510912d261fd2bd278c4ef6
parent	1c9073773233fe598a89250e32d6ed3d1abd8d8c [diff] [blame]