allow com.android.vending to access vendor_apex_file Widevine is now in an APEX. com.android.vending tries to access widevine apex, which results in a sepolicy error. Modifying sepolicy to allow com.android.vending to access apex directory. Bug: 247100406 Test: https://android-build.googleplex.com/builds/abtd/run/L54600000956675013 Change-Id: Ie73411dbe1c35027cb498c2cfa6847515a41d08a

commit: dfb318272560ac991a14c95e25911b67cfd8e620 [log] [tgz]
author: Deyao Ren <deyaoren@google.com> Mon Oct 03 22:32:09 2022 +0000
committer: Jooyung Han <jooyung@google.com> Tue Nov 15 13:28:49 2022 +0900
tree: 954faf19b1a77e9133703cd190b6b5846eb955b6
parent: 069b9502b11ed4b4eb1fe2656c000f87bc33dac0 [diff]
diff --git a/private/priv_app.te b/private/priv_app.te
index 4dcd1fb..8c965fc 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te

@@ -190,6 +190,11 @@
 # Required for Phonesky to be able to read staged files under /data/app-staging.
 allow priv_app staging_data_file:dir r_dir_perms;
 
+# Allow com.android.vending to access files under vendor/apex as well as system apex files.
+# This is required for com.android.vending to handle APEXes for e.g. delta patch optimization.
+allow priv_app vendor_apex_file:dir r_dir_perms;
+allow priv_app vendor_apex_file:file r_file_perms;
+
 # allow priv app to access the system app data files for ContentProvider case.
 allow priv_app system_app_data_file:file { read getattr };
commit	dfb318272560ac991a14c95e25911b67cfd8e620	[log] [tgz]
author	Deyao Ren <deyaoren@google.com>	Mon Oct 03 22:32:09 2022 +0000
committer	Jooyung Han <jooyung@google.com>	Tue Nov 15 13:28:49 2022 +0900
tree	954faf19b1a77e9133703cd190b6b5846eb955b6
parent	069b9502b11ed4b4eb1fe2656c000f87bc33dac0 [diff]