Allow system_server to read apex_data_file. For consistency with APKs, signature verification is performed in the system_server. This includes checking that the signature of an updated install matches the signature of the active package that it updates. For this, it requires search access to /data/apex and read access to the files under that directory. Test: m Change-Id: Ia073adb8892886e4767fa5529e95c110b9cbff1b

commit: 9f343b32be0a15139b0a9f51d864cc4f9b7eeed4 [log] [tgz]
author: Narayan Kamath <narayan@google.com> Fri Jan 04 16:22:19 2019 +0000
committer: Narayan Kamath <narayan@google.com> Tue Jan 08 11:55:01 2019 +0000
tree: b0d9a524f826201cec40e48b1720e3fa9c25e3bf
parent: 4d399f606f70a3981d3e33ab7318412e59d730a7 [diff] [blame]
diff --git a/private/system_server.te b/private/system_server.te
index f3d2ffd..4581417 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -963,6 +963,13 @@
 allow system_server apex_service:service_manager find;
 allow system_server apexd:binder call;
 
+# Allow the system server to read files under /data/apex. The system_server
+# needs these privileges to compare file signatures while processing installs.
+#
+# Only apexd is allowed to create new entries or write to any file under /data/apex.
+allow system_server apex_data_file:dir search;
+allow system_server apex_data_file:file r_file_perms;
+
 # dexoptanalyzer is currently used only for secondary dex files which
 # system_server should never access.
 neverallow system_server dexoptanalyzer_exec:file no_x_file_perms;
commit	9f343b32be0a15139b0a9f51d864cc4f9b7eeed4	[log] [tgz]
author	Narayan Kamath <narayan@google.com>	Fri Jan 04 16:22:19 2019 +0000
committer	Narayan Kamath <narayan@google.com>	Tue Jan 08 11:55:01 2019 +0000
tree	b0d9a524f826201cec40e48b1720e3fa9c25e3bf
parent	4d399f606f70a3981d3e33ab7318412e59d730a7 [diff] [blame]