Sepolicy: Move otapreopt_chroot to private Move complete domain to private/. Move referencing parts in domain and kernel to private. Bug: 128840749 Test: m Change-Id: I5572c3b04e41141c8f4db62b1361e2b392a5e2da

commit: d6fdcefaa8344b65e1320b978e5bbe11eec44c24 [log] [tgz]
author: Andreas Gampe <agampe@google.com> Mon Mar 18 10:54:42 2019 -0700
committer: Andreas Gampe <agampe@google.com> Mon Mar 18 10:54:42 2019 -0700
tree: 6b6fccdc97c0e64b1b33e3613bc85c6bfc448ccb
parent: ac9cd71feda148fde182e57978e460d6de116847 [diff] [blame]
diff --git a/private/kernel.te b/private/kernel.te
index a4e6ebe..207800e 100644
--- a/private/kernel.te
+++ b/private/kernel.te

@@ -1,3 +1,8 @@
 typeattribute kernel coredomain;
 
 domain_auto_trans(kernel, init_exec, init)
+
+# Allow the kernel to read otapreopt_chroot's file descriptors and files under
+# /postinstall, as it uses apexd logic to mount APEX packages in /postinstall/apex.
+allow kernel otapreopt_chroot:fd use;
+allow kernel postinstall_file:file read;
commit	d6fdcefaa8344b65e1320b978e5bbe11eec44c24	[log] [tgz]
author	Andreas Gampe <agampe@google.com>	Mon Mar 18 10:54:42 2019 -0700
committer	Andreas Gampe <agampe@google.com>	Mon Mar 18 10:54:42 2019 -0700
tree	6b6fccdc97c0e64b1b33e3613bc85c6bfc448ccb
parent	ac9cd71feda148fde182e57978e460d6de116847 [diff] [blame]