Allow apps to access PersistentDataBlockManager
A new public API added in Android 15 allows any app to query the
factory reset protection state, but the existing SELinux
configuration prevents apps from using this API.
Bug: 367750496
Test: atest CtsPersistentDataBlockManagerTestCases
Change-Id: Id24ba37a4e1389a118011066180b7af8713fd3b2
diff --git a/private/app.te b/private/app.te
index c51ba8b..6362c7d 100644
--- a/private/app.te
+++ b/private/app.te
@@ -167,6 +167,8 @@
use_credstore({ appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all })
+allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all } persistent_data_block_service:service_manager find;
+
# For app fuse.
pdx_client({ appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all }, display_client)
pdx_client({ appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all }, display_manager)
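Review bot: The added `allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all } persistent_data_block_service:service_manager find;` line has no comment, and it appears to overlap with the `app_api_service` attribute that this commit also adds to the type in public/service.te. If the app domains already receive `find` through that attribute (those rules are not visible in this diff), one of the two grants is redundant, and keeping a single mechanism would make the effective set of allowed domains easier to audit. If the explicit rule stays, I would put a comment above it such as `# Allow apps to query factory reset protection state via PersistentDataBlockManager.` so the reason for the grant sits next to the domain exclusions.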
diff --git a/public/service.te b/public/service.te
index 0982629..8f1245d 100644
--- a/public/service.te
+++ b/public/service.te
@@ -198,7 +198,7 @@
type permission_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type permissionmgr_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type permission_checker_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
-type persistent_data_block_service, system_api_service, system_server_service, service_manager_type;
+type persistent_data_block_service, app_api_service, system_api_service, system_server_service, service_manager_type;
type pinner_service, system_server_service, service_manager_type;
type powerstats_service, app_api_service, system_server_service, service_manager_type;
type power_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
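Review bot: Tagging `persistent_data_block_service` with `app_api_service` on the changed `type` line means SELinux no longer separates callers that only query the factory reset protection state from callers of the service's other methods, because `find` is granted per service, not per method. Any more sensitive operations on this binder interface therefore depend entirely on the service's own caller checks, which this diff does not show and which should be confirmed before access is widened. `ephemeral_app_api_service` is not added, which is consistent with the `-ephemeral_app` exclusion in private/app.te. The test named in the commit message presumably covers the positive case; a check that the excluded domains are still denied would document the intended boundary.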