Allow system_server to enable fs-verity. Bug: 253568736 Test: atest PackageManagerSettingsTests Change-Id: I2fc59d6441eca95b349aebaa633a15584c7ef744

commit: ff577a00b845ea51bca74869cab37bfb6de9da27 [log] [tgz]
author: Alex Buynytskyy <alexbuy@google.com> Tue Dec 13 20:12:21 2022 -0800
committer: Alex Buynytskyy <alexbuy@google.com> Tue Dec 20 15:36:26 2022 -0800
tree: 3dded856073525c08ad06aefa7e77bd208c005c6
parent: a0f59cffe208ed087630922436d6cf9aa632eabf [diff]
diff --git a/private/system_server.te b/private/system_server.te
index 54ad242..fd515f1 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -1086,7 +1086,7 @@
 allow system_server toolbox_exec:file rx_file_perms;
 
 # Allow system process to setup fs-verity
-allowxperm system_server apk_data_file:file ioctl FS_IOC_ENABLE_VERITY;
+allowxperm system_server { apk_data_file system_data_file apex_system_server_data_file }:file ioctl FS_IOC_ENABLE_VERITY;
 
 # Allow system process to measure fs-verity for apps, apps being installed and system files
 allowxperm system_server { apk_data_file apk_tmp_file system_file }:file ioctl FS_IOC_MEASURE_VERITY;
commit	ff577a00b845ea51bca74869cab37bfb6de9da27	[log] [tgz]
author	Alex Buynytskyy <alexbuy@google.com>	Tue Dec 13 20:12:21 2022 -0800
committer	Alex Buynytskyy <alexbuy@google.com>	Tue Dec 20 15:36:26 2022 -0800
tree	3dded856073525c08ad06aefa7e77bd208c005c6
parent	a0f59cffe208ed087630922436d6cf9aa632eabf [diff]