[selinux] allow priv_app to get incremental progress This allows phonesky to get incremental install progress. Addresses denial message like below: W/BlockingExecuto: type=1400 audit(0.0:5582): avc: denied { ioctl } for path="/data/incremental/MT_data_app_vmdl133/mount/.index/04abf89d12c3fe8f6fe9b381a670255c" dev="incremental-fs" ino=52957 ioctlcmd=0x6722 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:apk_data_file:s0 tclass=file permissive=0 app=com.android.vending Test: builds BUG: 172965880 Change-Id: Ibecd4e07746e7bb3ca6bdf762382744b38f677cb

commit: b4c9491aed442837558a2b860d8a0c2182ea5fd0 [log] [tgz]
author: Songchun Fan <schfan@google.com> Tue Feb 09 14:33:24 2021 -0800
committer: Songchun Fan <schfan@google.com> Tue Feb 09 22:46:27 2021 +0000
tree: d064fbe202c1d9278ed8737a155fe4186b276c7b
parent: 6691c9c411141894ac770d56ebc3a5ae49703be1 [diff] [blame]
diff --git a/private/priv_app.te b/private/priv_app.te
index 4b0218e..1857af8 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te

@@ -156,11 +156,12 @@
 r_dir_file(priv_app, sysfs_fs_incfs_features)
 
 # allow apps like Phonesky to check the file signature of an apk installed on
-# the Incremental File System, fill missing blocks and get the app status
+# the Incremental File System, fill missing blocks and get the app status and loading progress
 allowxperm priv_app apk_data_file:file ioctl {
   INCFS_IOCTL_READ_SIGNATURE
   INCFS_IOCTL_FILL_BLOCKS
   INCFS_IOCTL_GET_BLOCK_COUNT
+  INCFS_IOCTL_GET_FILLED_BLOCKS
 };
 
 # allow privileged data loader apps (e.g. com.android.vending) to read logs from Incremental File System
commit	b4c9491aed442837558a2b860d8a0c2182ea5fd0	[log] [tgz]
author	Songchun Fan <schfan@google.com>	Tue Feb 09 14:33:24 2021 -0800
committer	Songchun Fan <schfan@google.com>	Tue Feb 09 22:46:27 2021 +0000
tree	d064fbe202c1d9278ed8737a155fe4186b276c7b
parent	6691c9c411141894ac770d56ebc3a5ae49703be1 [diff] [blame]