PWN-Hunter/android_system_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Allow update_engine to write snapshotctl log data

Browse Source 
recovery is excluded because it is not an interesting code
path.

Test: apply OTA, cancel, delete OTA states, then apply again
      to trigger CancelUpdate() code path, see logs

Bug: 148818798
Change-Id: I3baac977af54ac0a09c9b732fd172469c9f51627
This commit is contained in:
Yifan Hong 2020-02-04 16:37:52 -08:00
parent c98291c37c
commit 47ee18d67a
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
public/update_engine.te
View File

@ -75,3 +75,10 @@ set_prop(update_engine, ota_prop)
# gsi_metadata_file. We never apply OTAs when GSI is running, so just deny
# the access.
dontaudit update_engine gsi_metadata_file:dir search;
# Allow to write to snapshotctl_log logs.
# TODO(b/148818798) revert when parent bug is fixed.
userdebug_or_eng(`
allow update_engine snapshotctl_log_data_file:dir rw_dir_perms;
allow update_engine snapshotctl_log_data_file:file create_file_perms;
')