Added permission to allow for ioctl to be added to install_data_file
This is in addition to allowing setting of extended attributes (for project quota IDs) on files and dirs and to enable project ID inheritance through FS_IOC_SETFLAGS
Bug: b/215154615
Test: atest installd/StorageHostTest
Test: atest installd/installd_service_test.cpp
Change-Id: I769ae7ed110175dbb5d511a4345c57057d71ae64
diff --git a/public/installd.te b/public/installd.te
index b0b2815..84ef1fd 100644
--- a/public/installd.te
+++ b/public/installd.te
@@ -115,9 +115,10 @@
allow installd app_data_file_type:dir { create_dir_perms relabelfrom relabelto };
allow installd app_data_file_type:notdevfile_class_set { create_file_perms relabelfrom relabelto };
-# Allow setting extended attributes (for project quota IDs) on dirs
+# Allow setting extended attributes (for project quota IDs) on dirs and files
# and to enable project ID inheritance through FS_IOC_SETFLAGS
-allowxperm installd { app_data_file_type system_data_file }:{ dir file } ioctl {
+# Added install_data_file to be able to create file under /data/misc/installd/ioctl_check
+allowxperm installd { app_data_file_type system_data_file install_data_file}:{ dir file } ioctl {
FS_IOC_FSGETXATTR
FS_IOC_FSSETXATTR
FS_IOC_GETFLAGS