Allow files to be created /metadata/ota
This is required during OTA. File will be removed
once OTA update is completed.
Bug: 262407519
Test: OTA on Pixel
Change-Id: I8922ebaaa89f9075fe47d2b74f61071b657850f0
Signed-off-by: Akilesh Kailash <akailash@google.com>
diff --git a/private/snapuserd.te b/private/snapuserd.te
index 1be5a5e..2f2d3e7 100644
--- a/private/snapuserd.te
+++ b/private/snapuserd.te
@@ -55,3 +55,8 @@
} snapuserd_prop:property_service set;
allow snapuserd self:anon_inode create_file_perms;
+
+# Allow to read/write/create OTA metadata files
+allow snapuserd metadata_file:dir search;
+allow snapuserd ota_metadata_file:dir rw_dir_perms;
+allow snapuserd ota_metadata_file:file create_file_perms;