update aconfigd selinux policy For aconfigd test, for atest to work, the shell domain needs to be able to connect to aconfigd_socket. In addition, aconfigd needs to be able to access the test storage files as shell_data_file. All these policies are only needed for userdebug_or_eng build. Bug: 312459182 Test: m, launch avd, atest, then audit2allow, no avc denials found Change-Id: Ifb369f7e0000dfe35305fe976e330fa516ff440c

commit: 89a2c6988a9f4f7ccd265d74d3af042648e51aff [log] [tgz]
author: Dennis Shen <dzshen@google.com> Tue Mar 19 02:33:00 2024 +0000
committer: Dennis Shen <dzshen@google.com> Tue Mar 19 12:24:23 2024 +0000
tree: 3dc120d99eb62a111e45f76e987bf9168cd23392
parent: b229d824ad3ed93c2ffc12fe94352b233eb44630 [diff] [blame]
diff --git a/private/shell.te b/private/shell.te
index 2b7bd88..1d59a5d 100644
--- a/private/shell.te
+++ b/private/shell.te

@@ -267,3 +267,9 @@
 
 # Allow shell to execute oatdump.
 allow shell oatdump_exec:file rx_file_perms;
+
+# Allow shell access to socket for test
+userdebug_or_eng(`
+    allow shell aconfigd_socket:sock_file write;
+    allow shell aconfigd:unix_stream_socket connectto;
+')
commit	89a2c6988a9f4f7ccd265d74d3af042648e51aff	[log] [tgz]
author	Dennis Shen <dzshen@google.com>	Tue Mar 19 02:33:00 2024 +0000
committer	Dennis Shen <dzshen@google.com>	Tue Mar 19 12:24:23 2024 +0000
tree	3dc120d99eb62a111e45f76e987bf9168cd23392
parent	b229d824ad3ed93c2ffc12fe94352b233eb44630 [diff] [blame]