Merge "Allow apexd to label apk_tmp_file to apex_data_file" am: cc18ba7039 am: d23d33922c am: 0abebec441 Change-Id: I8ff1727e4c85ae956491338606b3a563cb3a927a

commit: f15f087cc5f7f4642fc6d9caeeb606e7c4ce0b17 [log] [tgz]
author: Jiyong Park <jiyong@google.com> Mon Dec 03 17:09:05 2018 -0800
committer: android-build-merger <android-build-merger@google.com> Mon Dec 03 17:09:05 2018 -0800
tree: e5613c3d1569403f436cc5cde9fa456071383dbe
parent: c30f69e84f00e69a2904f7b884b2226ebd992d61 [diff]
parent: 0abebec4418101afab1dfe9b0825338bb0104ee4 [diff]
diff --git a/private/apexd.te b/private/apexd.te
index 61e099b..7a1e4e2 100644
--- a/private/apexd.te
+++ b/private/apexd.te

@@ -40,6 +40,11 @@
 # allow apexd to create symlinks in /apex
 allow apexd apex_mnt_dir:lnk_file create_file_perms;
 
+# allow apexd to relabel apk_tmp_file to apex_data_file.
+# TODO(b/112669193) remove this when APEXes are staged via file descriptor
+allow apexd apk_tmp_file:file relabelfrom;
+allow apexd apex_data_file:file relabelto;
+
 # Unmount and mount filesystems
 allow apexd labeledfs:filesystem { mount unmount };
commit	f15f087cc5f7f4642fc6d9caeeb606e7c4ce0b17	[log] [tgz]
author	Jiyong Park <jiyong@google.com>	Mon Dec 03 17:09:05 2018 -0800
committer	android-build-merger <android-build-merger@google.com>	Mon Dec 03 17:09:05 2018 -0800
tree	e5613c3d1569403f436cc5cde9fa456071383dbe
parent	c30f69e84f00e69a2904f7b884b2226ebd992d61 [diff]
parent	0abebec4418101afab1dfe9b0825338bb0104ee4 [diff]