Merge changes from topic "cherrypicker-L58100000960054695:N31200001359782734"
* changes:
Allow system_server to verify installed apps
Fix denial for ioctl FS Verity
diff --git a/private/system_server.te b/private/system_server.te
index 553e0a4..df0dfa7 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -1108,6 +1108,8 @@
# Allow system process to measure fs-verity for apps, apps being installed and system files
allowxperm system_server { apk_data_file apk_tmp_file system_file }:file ioctl FS_IOC_MEASURE_VERITY;
+allowxperm system_server apk_tmp_file:file ioctl FS_IOC_SETFLAGS;
+allow system_server system_file:file ioctl;
# Postinstall
#