Allow system app and update_engine to read OTA from /vendor Introuducing vendor_boot_ota_file which will be used to allow reading OTAs from /vendor/boot_otas when BOARD_16K_OTA_MOVE_VENDOR := true is set. These OTAs will be read from settings app(system_app) and update engine. Test: m, m Settings && adb install -r $ANDROID_PRODUCT_OUT/system_ext/priv-app/Settings/Settings.apk Bug: 335022191 Change-Id: Ie42e0de12694ed74f9a98cd115f72d207f67c834

commit: b071882d76e536e0be1a32621f7945cb71cff54b [log] [tgz]
author: Pawan Wagh <waghpawan@google.com> Mon Apr 29 22:03:20 2024 +0000
committer: Pawan Wagh <waghpawan@google.com> Thu May 02 01:14:47 2024 +0000
tree: c6f79a273e143a38517f5319cdcbeb1c112bfce9
parent: 77a8ac9ab4a980d6c4759dc784ab8ea51a0e29da [diff] [blame]
diff --git a/private/system_app.te b/private/system_app.te
index af9d168..5016a40 100644
--- a/private/system_app.te
+++ b/private/system_app.te

@@ -196,3 +196,6 @@
 neverallow { domain -init -system_app } adaptive_haptics_prop:property_service set;
 # system_app should be the only domain writing the force l3 prop
 neverallow { domain -init -system_app } drm_forcel3_prop:property_service set;
+
+allow system_app vendor_boot_ota_file:dir { r_dir_perms };
+allow system_app vendor_boot_ota_file:file { r_file_perms };
commit	b071882d76e536e0be1a32621f7945cb71cff54b	[log] [tgz]
author	Pawan Wagh <waghpawan@google.com>	Mon Apr 29 22:03:20 2024 +0000
committer	Pawan Wagh <waghpawan@google.com>	Thu May 02 01:14:47 2024 +0000
tree	c6f79a273e143a38517f5319cdcbeb1c112bfce9
parent	77a8ac9ab4a980d6c4759dc784ab8ea51a0e29da [diff] [blame]