Add policies for permission APEX data directory. Bug: 136503238 Test: presubmit Change-Id: I636ab95070df4c58cf2c98b395d99cb807a7f243

commit: f301cd299bf5ba99762c449b54f165ee35048026 [log] [tgz]
author: Hai Zhang <zhanghai@google.com> Thu Jan 16 15:47:02 2020 -0800
committer: Hai Zhang <zhanghai@google.com> Thu Jan 16 16:08:55 2020 -0800
tree: 99e58314cb503ef0a1f069d5418169836c19a218
parent: 41a1b4af9c7425d5d17bc967f33a079d0b28a609 [diff] [blame]
diff --git a/private/system_server.te b/private/system_server.te
index ec79319..4bcb104 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -1051,6 +1051,11 @@
 allow system_server vendor_apex_file:dir { getattr search };
 allow system_server vendor_apex_file:file r_file_perms;
 
+# Allow the system server to manage relevant apex module data files.
+allow system_server apex_module_data_file:dir { getattr search };
+allow system_server apex_permission_data_file:dir create_dir_perms;
+allow system_server apex_permission_data_file:file create_file_perms;
+
 # Allow PasswordSlotManager rw access to /metadata/password_slots, so GSIs and the host image can
 # communicate which slots are available for use.
 allow system_server metadata_file:dir search;
commit	f301cd299bf5ba99762c449b54f165ee35048026	[log] [tgz]
author	Hai Zhang <zhanghai@google.com>	Thu Jan 16 15:47:02 2020 -0800
committer	Hai Zhang <zhanghai@google.com>	Thu Jan 16 16:08:55 2020 -0800
tree	99e58314cb503ef0a1f069d5418169836c19a218
parent	41a1b4af9c7425d5d17bc967f33a079d0b28a609 [diff] [blame]