Merge "Allow GKI APEX to use apexd:fd" am: 5f8de11dae Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1415170 Change-Id: I274cadfcc21f94ec642ce685af0c285c5b2eba5d

commit: 9822c7e5a1b3c9c401a9131500000bfc60ef0b24 [log] [tgz]
author: Treehugger Robot <treehugger-gerrit@google.com> Tue Sep 08 22:10:18 2020 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Tue Sep 08 22:10:18 2020 +0000
tree: 398dbc5015e8fc14818bcc0556c6875c578d97b4
parent: 8e0ea3114f07564efa84bc921d892b3db0fb9b8e [diff]
parent: 5f8de11daea087993bfcd5d61411ccad21e88966 [diff]
diff --git a/private/gki_apex_prepostinstall.te b/private/gki_apex_prepostinstall.te
index fa5cd14..1155389 100644
--- a/private/gki_apex_prepostinstall.te
+++ b/private/gki_apex_prepostinstall.te

@@ -18,3 +18,6 @@
 binder_use(gki_apex_prepostinstall)
 allow gki_apex_prepostinstall update_engine_stable_service:service_manager find;
 binder_call(gki_apex_prepostinstall, update_engine)
+
+# /dev/zero is inherited although it is not used. See b/126787589.
+allow gki_apex_prepostinstall apexd:fd use;
commit	9822c7e5a1b3c9c401a9131500000bfc60ef0b24	[log] [tgz]
author	Treehugger Robot <treehugger-gerrit@google.com>	Tue Sep 08 22:10:18 2020 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	Tue Sep 08 22:10:18 2020 +0000
tree	398dbc5015e8fc14818bcc0556c6875c578d97b4
parent	8e0ea3114f07564efa84bc921d892b3db0fb9b8e [diff]
parent	5f8de11daea087993bfcd5d61411ccad21e88966 [diff]