allow priv_apps to read from incremental_control_file
Denial messages:
02-21 20:19:41.817 1439 1439 I Binder:1439_3: type=1400 audit(0.0:1851): avc: denied { read } for path=2F2E70656E64696E675F7265616473202864656C6574656429 dev="incremental-fs" ino=2 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:incremental_control_file:s0 tclass=file permissive=1
02-21 20:19:41.817 20337 20337 I Binder:20337_2: type=1400 audit(0.0:1852): avc: denied { getattr } for path=2F2E70656E64696E675F7265616473202864656C6574656429 dev="incremental-fs" ino=2 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:incremental_control_file:s0 tclass=file permissive=1 app=com.android.vending
Test: manual
Change-Id: Ie188f294ea2a6aff71a49a6f17679c3cf810b69d
diff --git a/private/priv_app.te b/private/priv_app.te
index 75e9732..dd4d5c7 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -150,6 +150,9 @@
# the Incremental File System
allowxperm priv_app apk_data_file:file ioctl INCFS_IOCTL_READ_SIGNATURE;
+# allow privileged data loader apps (e.g. com.android.vending) to read logs from Incremental File System
+allow priv_app incremental_control_file:file { read getattr };
+
###
### neverallow rules
###
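Review bot: The added rule `allow priv_app incremental_control_file:file { read getattr };` applies to every app in the priv_app domain, while the comment above it and the logged denial (app=com.android.vending) describe only data loader apps, so the comment understates who gains access. The denied path decodes to `/.pending_reads (deleted)`, which is the IncFS control file rather than a log file. No `open` denial is shown, so access presumably goes through a file descriptor received over Binder. I would make the comment say so, e.g. `# Allow priv_app to read/getattr the IncFS control file (.pending_reads) through an fd passed by the system; open is intentionally not granted.` Both denials were captured with permissive=1, so the rule should be re-tested in enforcing mode to confirm that `read` and `getattr` are the only permissions needed.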