Merge "Allow system_server to read from postinstall scripts through STDIN." into main

commit: ca2f3851afaee866d37caae16598b3d5c20844d4 [log] [tgz]
author: Jiakai Zhang <jiakaiz@google.com> Fri May 31 14:43:51 2024 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Fri May 31 14:43:51 2024 +0000
tree: 5fa0b8310722246358cc0917ef1bbc442415d145
parent: e65ff877d2a7b871c3ecf61ce0db5574ec796ffd [diff]
parent: 92768f7a41539936dd452531d8d2c5dfe5eb8293 [diff]
diff --git a/private/system_server.te b/private/system_server.te
index 8326628..406c146 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -1652,6 +1652,10 @@
 # /proc/self/fd/<fd> with a classloader.
 allow system_server system_server_tmpfs:file open;
 
+# Allow system_server to read from postinstall scripts through STDIN, to check if the
+# otapreopt_script is still alive.
+allow system_server postinstall:fifo_file read;
+
 # Do not allow any domain other than init or system server to get or set the property
 neverallow { domain -init -system_server } crashrecovery_prop:property_service set;
 neverallow { domain -init -dumpstate -system_server } crashrecovery_prop:file no_rw_file_perms;
commit	ca2f3851afaee866d37caae16598b3d5c20844d4	[log] [tgz]
author	Jiakai Zhang <jiakaiz@google.com>	Fri May 31 14:43:51 2024 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Fri May 31 14:43:51 2024 +0000
tree	5fa0b8310722246358cc0917ef1bbc442415d145
parent	e65ff877d2a7b871c3ecf61ce0db5574ec796ffd [diff]
parent	92768f7a41539936dd452531d8d2c5dfe5eb8293 [diff]