Allow vold to check apex files
avc: denied { getattr } for
path="/vendor/apex/com.android.vndk.current.on_vendor.apex"
dev="overlay" ino=237 scontext=u:r:vold:s0
tcontext=u:object_r:vendor_apex_file:s0 tclass=file
permissive=0
Bug: 176128259
Test: boot
Signed-off-by: Randall Huang <huangrandall@google.com>
Change-Id: I5778c287a5a8a95f812210a4ab545897b2bf09de
diff --git a/public/vold.te b/public/vold.te
index 9ec6bd1..9c06433 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -294,6 +294,9 @@
allow vold gsi_metadata_file:dir r_dir_perms;
allow vold gsi_metadata_file:file r_file_perms;
+# vold might need to search loopback apex files
+allow vold vendor_apex_file:file r_file_perms;
+
neverallow {
domain
-vold