Allow system_server to read from postinstall scripts through STDIN.
Bug: 311377497
Test: -
1. system/update_engine/scripts/update_device.py out/dist/aosp_cf_x86_64_phone-ota-*.zip
2. Wait for update_engine to enter the postinstall stage.
3. adb shell update_engine_client --cancel
Change-Id: Ib0cbfc7b97d5ec24700ca71099e3a47af579fc8a
diff --git a/private/system_server.te b/private/system_server.te
index ba49367..fadaa28 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -1650,6 +1650,10 @@
# /proc/self/fd/<fd> with a classloader.
allow system_server system_server_tmpfs:file open;
+# Allow system_server to read from postinstall scripts through STDIN, to check if the
+# otapreopt_script is still alive.
+allow system_server postinstall:fifo_file read;
+
# Do not allow any domain other than init or system server to get or set the property
neverallow { domain -init -system_server } crashrecovery_prop:property_service set;
neverallow { domain -init -dumpstate -system_server } crashrecovery_prop:file no_rw_file_perms;