Sync internal master and AOSP sepolicy.
Bug: 37916906
Test: Builds 'n' boots.
Change-Id: Ia1d86264446ebecc1ca79f32f11354921bc77668
Merged-In: I208ec6a864127a059fb389417a9c6b259d7474cb
diff --git a/private/storaged.te b/private/storaged.te
index d5abd73..8da1f26 100644
--- a/private/storaged.te
+++ b/private/storaged.te
@@ -15,6 +15,10 @@
# Read /data/system/packages.list
allow storaged system_data_file:file r_file_perms;
+# Store storaged proto file
+allow storaged storaged_data_file:dir rw_dir_perms;
+allow storaged storaged_data_file:file create_file_perms;
+
userdebug_or_eng(`
# Read access to debugfs
allow storaged debugfs_mmc:dir search;
@@ -43,6 +47,9 @@
# Implements a dumpsys interface.
allow storaged dumpstate:fd use;
+# use a subset of the package manager service
+allow storaged package_native_service:service_manager find;
+
# Kernel does extra check on CAP_DAC_OVERRIDE for libbinder when storaged is
# running as root. See b/35323867 #3.
dontaudit storaged self:capability dac_override;