commit b071882d76e536e0be1a32621f7945cb71cff54b
author Pawan Wagh <waghpawan@google.com> Mon Apr 29 22:03:20 2024 +0000
committer Pawan Wagh <waghpawan@google.com> Thu May 02 01:14:47 2024 +0000
tree c6f79a273e143a38517f5319cdcbeb1c112bfce9
parent 77a8ac9ab4a980d6c4759dc784ab8ea51a0e29da

Allow system app and update_engine to read OTA from /vendor

Introuducing vendor_boot_ota_file which will be used to allow
reading OTAs from /vendor/boot_otas when BOARD_16K_OTA_MOVE_VENDOR := true
is set. These OTAs will be read from settings app(system_app) and update
engine.

Test: m, m Settings && adb install -r $ANDROID_PRODUCT_OUT/system_ext/priv-app/Settings/Settings.apk
Bug: 335022191
Change-Id: Ie42e0de12694ed74f9a98cd115f72d207f67c834

private/update_engine.te

diff --git a/private/update_engine.te b/private/update_engine.te
index 6a60718..1a6d9c7 100644
--- a/private/update_engine.te
+++ b/private/update_engine.te
@@ -115,3 +115,6 @@
 # Allow determining filesystems available on system.
 # Needed for checking if overlayfs is enabled
 allow update_engine proc_filesystems:file r_file_perms;
+
+allow update_engine vendor_boot_ota_file:dir { r_dir_perms };
+allow update_engine vendor_boot_ota_file:file { r_file_perms };