commit ce6e2987de0c6b1f1f031b8366174443be8f799f
author Alan Stokes <alanstokes@google.com> Tue Dec 21 14:43:39 2021 +0000
committer Alan Stokes <alanstokes@google.com> Tue Jan 04 09:14:05 2022 +0000
tree 1f1df17647c870c4804930845ff4cf58e94dd862
parent 0878ac4c476b8141e124af7e80f285ecb795551d

Allow composd to delete ART staging files

If the directory is non-empty when we start we need to delete
everything in it, but didn't have enough access:

avc: denied { getattr } for
path="/data/misc/apexdata/com.android.art/staging/boot-framework.art"
dev="dm-37" ino=57755 scontext=u:r:composd:s0
tcontext=u:object_r:apex_art_staging_data_file:s0 tclass=file
permissive=0

Bug: 205750213
Test: create files in staging/, composd_cmd test-compile
Change-Id: I3a66db7f5fbff82abcf547cb1c2b24e9c53ab158

private/composd.te

diff --git a/private/composd.te b/private/composd.te
index 5b8f586..dd61e39 100644
--- a/private/composd.te
+++ b/private/composd.te
@@ -16,6 +16,7 @@
 # Prepare staging directory for odrefresh
 allow composd apex_art_data_file:dir { create_dir_perms relabelfrom };
 allow composd apex_art_staging_data_file:dir { create_dir_perms relabelto };
+allow composd apex_art_staging_data_file:file { getattr unlink };
 
 # Delete files in the odrefresh target directory
 allow composd apex_art_data_file:file unlink;