Give adbd and shell read access to /apex/apex-info-list.xml /apex/apex-info-list.xml is used by ART mainline module, hence it needs to have CTS test for it. Giving adbd and shell read-only permission allows us to write host-driven CTS test that pull /apex/apex-info-list.xml from the device and inspects it's content. Similar (albeit not exactly the same information) is already available via PackageManager APIs/PackageManager shell command. Bug: 190185664 Test: m Test: adb shell cat /apex/apex-info-list.xml Change-Id: Ib7f2ca79a7493f8cd40d0c419569e85135f6bbda

commit: 681ad260b430ce61dbc76d237b107481288cd7ef [log] [tgz]
author: Nikita Ioffe <ioffe@google.com> Thu Jun 10 15:37:25 2021 +0100
committer: Nikita Ioffe <ioffe@google.com> Thu Jun 10 19:57:17 2021 +0100
tree: 369ea2bd58b83b819dfc7082796b0e0f1db7dd8f
parent: 03b80a12e4a6b287d4f21576b30a61fe1b293c08 [diff]
diff --git a/private/adbd.te b/private/adbd.te
index 52070cb..c2c6164 100644
--- a/private/adbd.te
+++ b/private/adbd.te

@@ -217,6 +217,9 @@
 allow adbd apex_data_file:dir search;
 allow adbd staging_data_file:file r_file_perms;
 
+# Allow adbd to pull /apex/apex-info-list.xml for CTS tests.
+allow adbd apex_info_file:file r_file_perms;
+
 ###
 ### Neverallow rules
 ###

diff --git a/private/shell.te b/private/shell.te
index 26f6d95..1dda977 100644
--- a/private/shell.te
+++ b/private/shell.te

@@ -200,3 +200,6 @@
 
 # Allow ReadDefaultFstab() for CTS.
 read_fstab(shell)
+
+# Allow shell read access to /apex/apex-info-list.xml for CTS.
+allow shell apex_info_file:file r_file_perms;
commit	681ad260b430ce61dbc76d237b107481288cd7ef	[log] [tgz]
author	Nikita Ioffe <ioffe@google.com>	Thu Jun 10 15:37:25 2021 +0100
committer	Nikita Ioffe <ioffe@google.com>	Thu Jun 10 19:57:17 2021 +0100
tree	369ea2bd58b83b819dfc7082796b0e0f1db7dd8f
parent	03b80a12e4a6b287d4f21576b30a61fe1b293c08 [diff]