commit d33155be26f401fdbc6ca824e639d33876fc8212
author Sen Jiang <senj@google.com> Fri Nov 20 16:09:14 2015 -0800
committer Sen Jiang <senj@google.com> Fri Nov 20 16:13:02 2015 -0800
tree ff31ac088661ef75e8c3d721b8db76bc46fd173d
parent bcf31c786a5d0a18c04972255fb246777f3a1004

Add bspatch to update_engine_exec.

This allow bspatch to have same perssion as update_engine.

Also added a rule to allow update_engine to execute bspatch.

Bug: 24478450
Test: No more permission deny during delta update.

Change-Id: If94bc703b2f3fc32f901f0d7f300934316d4e9a4

file_contexts

diff --git a/file_contexts b/file_contexts
index 942b7e6..a74f8f8 100644
--- a/file_contexts
+++ b/file_contexts
@@ -200,6 +200,7 @@
 /system/bin/tzdatacheck u:object_r:tzdatacheck_exec:s0
 /system/bin/idmap u:object_r:idmap_exec:s0
 /system/bin/update_engine        u:object_r:update_engine_exec:s0
+/system/bin/bspatch              u:object_r:update_engine_exec:s0
 
 #############################
 # Vendor files

update_engine.te

diff --git a/update_engine.te b/update_engine.te
index 839d6b7..ea7fcaf 100644
--- a/update_engine.te
+++ b/update_engine.te
@@ -10,6 +10,7 @@
 allow update_engine self:process { setsched };
 allow update_engine self:capability { fowner sys_admin };
 allow update_engine kmsg_device:chr_file w_file_perms;
+allow update_engine update_engine_exec:file rx_file_perms;
 wakelock_use(update_engine);
 
 # Allow using persistent storage in /data/misc/update_engine.