Introduce apex_info_file type
/apex/apex-info-file.xml is labeled as apex_info_file. It is
created/written once by apexd, and can be read by zygote and
system_server. The content of the file is essentially the same as the
return value of getAllPackages() call to apexd.
Bug: 154823184
Test: m
Merged-In: Ic6af79ddebf465b389d9dcb5fd569d3a786423b2
(cherry picked from commit f1de4c02cc3da98d052ca81e48e7d4682eea6088)
Change-Id: Ic6af79ddebf465b389d9dcb5fd569d3a786423b2
diff --git a/private/system_server.te b/private/system_server.te
index bd87ead..4a3a538 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -1094,6 +1094,9 @@
# Allow system server to scan /apex for flattened APEXes
allow system_server apex_mnt_dir:dir r_dir_perms;
+# Allow system server to read /apex/apex-info-list.xml
+allow system_server apex_info_file:file r_file_perms;
+
# Allow system server to communicate to system-suspend's control interface
allow system_server system_suspend_control_service:service_manager find;
binder_call(system_server, system_suspend)
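Review bot: The comment on the added rule names /apex/apex-info-list.xml, while the commit message says the file labeled apex_info_file is /apex/apex-info-file.xml. One of the two is wrong, and the comment should match the path used in the file_contexts entry so an auditor can tie this rule to the file it covers. The grant itself is read-only (r_file_perms on class file), which fits the stated design of apexd as the single writer. Only the system_server.te hunk is visible here, so please confirm that the same change carries the apex_info_file type declaration, the file_contexts label, apexd's create/write rule, and the zygote read rule described in the commit message. Without the declaration this allow rule refers to an unknown type.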