Fix denial for ioctl FS Verity For unknown reason, denial still happens with system app after applying ag/20712480. This commit adds a work around to fix this. Bug: 258093107 Fixes: 272530397 Test: flash build, pair watch with phone, check SE denials log (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:0ade3b2183d850fd508569782e35a59ef2bd4dce) Merged-In: I16932c793c5ca144746d0903ed1826c1847d2add Change-Id: I16932c793c5ca144746d0903ed1826c1847d2add

commit: af6035c64f8f0700e1aa086412be870d7e13ed25 [log] [tgz]
author: Eric Rahm <erahm@google.com> Wed Apr 19 23:29:28 2023 +0000
committer: Eric Rahm <erahm@google.com> Thu Apr 20 00:02:07 2023 +0000
tree: de45241e569ea2e3a9c4179db4da0182712a371a
parent: d073bd42097bd1381f8a27ebe9f44c58665716ff [diff] [blame]
diff --git a/private/system_server.te b/private/system_server.te
index 7fea6e7..0306598 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -1107,6 +1107,7 @@
 
 # Allow system process to measure fs-verity for apps, apps being installed and system files
 allowxperm system_server { apk_data_file apk_tmp_file system_file }:file ioctl FS_IOC_MEASURE_VERITY;
+allow system_server system_file:file ioctl;
 
 # Postinstall
 #
commit	af6035c64f8f0700e1aa086412be870d7e13ed25	[log] [tgz]
author	Eric Rahm <erahm@google.com>	Wed Apr 19 23:29:28 2023 +0000
committer	Eric Rahm <erahm@google.com>	Thu Apr 20 00:02:07 2023 +0000
tree	de45241e569ea2e3a9c4179db4da0182712a371a
parent	d073bd42097bd1381f8a27ebe9f44c58665716ff [diff] [blame]