Adding more permission for selinux to some attributes and flags Test: atest installd/StorageHostTest Test: atest installd/installd_service_test.cpp Change-Id: I7a2d4055b7e4050394304a92279c595d2153da23

commit: ddfb8a99cccdbcb1719792d6a11106cc623b8830 [log] [tgz]
author: Shikha Malhotra <shikhamalhotra@google.com> Wed Dec 29 16:29:18 2021 +0000
committer: Shikha Malhotra <shikhamalhotra@google.com> Sat Feb 19 14:35:55 2022 +0000
tree: 907e0fe4ba46c2bfc9ff3a6aa97a9990ae594cf3
parent: 2f2ff42a2449afd3e88be283b39b492ae206a662 [diff]
diff --git a/public/installd.te b/public/installd.te
index 1ef4fc7..b0b2815 100644
--- a/public/installd.te
+++ b/public/installd.te

@@ -115,6 +115,15 @@
 allow installd app_data_file_type:dir { create_dir_perms relabelfrom relabelto };
 allow installd app_data_file_type:notdevfile_class_set { create_file_perms relabelfrom relabelto };
 
+# Allow setting extended attributes (for project quota IDs) on dirs
+# and to enable project ID inheritance through FS_IOC_SETFLAGS
+allowxperm installd { app_data_file_type system_data_file }:{ dir file } ioctl {
+  FS_IOC_FSGETXATTR
+  FS_IOC_FSSETXATTR
+  FS_IOC_GETFLAGS
+  FS_IOC_SETFLAGS
+};
+
 # Similar for the files under /data/misc/profiles/
 allow installd user_profile_root_file:dir { create_dir_perms relabelfrom };
 allow installd user_profile_data_file:dir { create_dir_perms relabelto };
commit	ddfb8a99cccdbcb1719792d6a11106cc623b8830	[log] [tgz]
author	Shikha Malhotra <shikhamalhotra@google.com>	Wed Dec 29 16:29:18 2021 +0000
committer	Shikha Malhotra <shikhamalhotra@google.com>	Sat Feb 19 14:35:55 2022 +0000
tree	907e0fe4ba46c2bfc9ff3a6aa97a9990ae594cf3
parent	2f2ff42a2449afd3e88be283b39b492ae206a662 [diff]