Allow composd to run fd_server Besides the basic execution that is similar to the (deprecating) odrefresh case, fd_server also needs to be able to create and change files in the output directory. Bug: 205750213 Test: /apex/com.android.compos/bin/composd_cmd forced-odrefresh # Saw composd started the fd_server and the VM Change-Id: Ia66015b72c4bd232c623604be326c7d7145c0a38

commit: 90b7b0039101c0ba05c58c2ebbd1e4a6f0345638 [log] [tgz]
author: Victor Hsieh <victorhsieh@google.com> Tue Nov 30 14:21:06 2021 -0800
committer: Victor Hsieh <victorhsieh@google.com> Tue Dec 07 08:07:50 2021 -0800
tree: 5e5848b494e9c82d226a966303724011f99e7207
parent: edf5fa00916c6e954d8aab9393c4328c1cc88c6b [diff] [blame]
diff --git a/private/odrefresh.te b/private/odrefresh.te
index e146938..9febf45 100644
--- a/private/odrefresh.te
+++ b/private/odrefresh.te

@@ -70,7 +70,7 @@
 dontaudit odrefresh adbd:unix_stream_socket { getattr read write };
 
 # No other processes should be creating files in the staging area.
-neverallow { domain -init -odrefresh } apex_art_staging_data_file:file open;
+neverallow { domain -init -odrefresh -compos_fd_server } apex_art_staging_data_file:file open;
 
 # No processes other than init, odrefresh and system_server access
 # odrefresh_data_files.
commit	90b7b0039101c0ba05c58c2ebbd1e4a6f0345638	[log] [tgz]
author	Victor Hsieh <victorhsieh@google.com>	Tue Nov 30 14:21:06 2021 -0800
committer	Victor Hsieh <victorhsieh@google.com>	Tue Dec 07 08:07:50 2021 -0800
tree	5e5848b494e9c82d226a966303724011f99e7207
parent	edf5fa00916c6e954d8aab9393c4328c1cc88c6b [diff] [blame]