Merge "Allow installd to read vendor_overlay_file" into oc-dev
diff --git a/public/domain.te b/public/domain.te
index f75b531..8ccf532 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -695,6 +695,7 @@
-appdomain
-idmap
-init
+ -installd
-system_server
-zygote
} vendor_overlay_file:dir { getattr open read search };
@@ -704,6 +705,7 @@
-appdomain
-idmap
-init
+ -installd
-system_server
-zygote
} vendor_overlay_file:{ file lnk_file } r_file_perms;
diff --git a/public/installd.te b/public/installd.te
index 774ba49..c5b45b4 100644
--- a/public/installd.te
+++ b/public/installd.te
@@ -29,6 +29,8 @@
r_dir_file(installd, system_file)
# Scan through APKs in /vendor/app
r_dir_file(installd, vendor_app_file)
+# Scan through Runtime Resource Overlay APKs in /vendor/overlay
+r_dir_file(installd, vendor_overlay_file)
# Get file context
allow installd file_contexts_file:file r_file_perms;
# Get seapp_context