Allow apexd to call derive_classpath binary This will allow apexd to determine if a staged apex contributes to classpath or not. Bug: 187444679 Test: atest ApexTestCases Test: atest StagedInstallInternalTest Change-Id: I336001ef1dab3aa45835662eecc02d63645b5980

commit: 9237163c26ef76246c29ddb6a63b0dab42b44414 [log] [tgz]
author: Samiul Islam <samiul@google.com> Fri Oct 08 12:35:22 2021 +0100
committer: Samiul Islam <samiul@google.com> Thu Oct 28 16:27:09 2021 +0100
tree: e4e96f96337e9aa7a6f5a75b1925015ea6579eaa
parent: 43352fab2d9054d59f66342697010b6436faa1d6 [diff] [blame]
diff --git a/private/apexd_derive_classpath.te b/private/apexd_derive_classpath.te
new file mode 100644
index 0000000..d4c5496
--- /dev/null
+++ b/private/apexd_derive_classpath.te

@@ -0,0 +1,9 @@
+# Exclusive domain for apexd calling into derive_classpath binary
+type apexd_derive_classpath, domain, coredomain;
+
+# Allow the binary to write into output file at location /apex/derive_classpath_temp
+allow apexd_derive_classpath apexd:fd use;
+allow apexd_derive_classpath apex_mnt_dir:file { write open };
+# Allow the binary to log using logwrap
+allow apexd_derive_classpath apexd_devpts:chr_file { read write };
+
commit	9237163c26ef76246c29ddb6a63b0dab42b44414	[log] [tgz]
author	Samiul Islam <samiul@google.com>	Fri Oct 08 12:35:22 2021 +0100
committer	Samiul Islam <samiul@google.com>	Thu Oct 28 16:27:09 2021 +0100
tree	e4e96f96337e9aa7a6f5a75b1925015ea6579eaa
parent	43352fab2d9054d59f66342697010b6436faa1d6 [diff] [blame]