Allow shell to read /vendor/apex/*
This access will be used by future xTS tests to read the raw files.
Bug: 190858091
Test: m
Change-Id: If1c7fd92772ff84d92a95fbee74f6c1f8d1cd365
diff --git a/private/shell.te b/private/shell.te
index 26f6d95..6ff5056 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -114,8 +114,10 @@
allow shell self:perf_event { open read write kernel };
neverallow shell self:perf_event ~{ open read write kernel };
-# Allow shell to read /apex/apex-info-list.xml
+# Allow shell to read /apex/apex-info-list.xml and the vendor apexes
allow shell apex_info_file:file r_file_perms;
+allow shell vendor_apex_file:file r_file_perms;
+allow shell vendor_apex_file:dir r_dir_perms;
# Set properties.
set_prop(shell, shell_prop)
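Review bot: The two added `vendor_apex_file` rules are unconditional, so `shell` gains read access to every file and directory of that type on all build variants, while the updated comment says only "the vendor apexes" and gives no reason. Because this widens what an adb shell session can read, the comment should record the purpose and the bug so a later policy audit can tell the grant is intentional, for example `# Allow shell to read vendor APEX files (/vendor/apex/*) for xTS tests, b/190858091.` on its own line above the two new rules. Whether any vendor APEX on a device carries content not meant to be readable from shell cannot be judged from this hunk, so it may be worth confirming with whoever maintains the `vendor_apex_file` labelling. The grant is read-only (`r_file_perms`, `r_dir_perms`), which fits the stated need.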