Allow derive_classpath to read /apex.

Individual apexes may contribute jars to BOOTCLASSPATH and friends. Configuration for these contributions are in /apex/foo/etc/ files that derive_classpath service reads and processes. Bug: 180105615 Test: presubmit && DeviceBootTest Change-Id: I61379e55f2ad55e1c65956b854e5a9b8872c61df
2021-03-29 15:39:33 +01:00 · 2021-03-29 15:39:33 +01:00 · 4c6d3081fd
commit 4c6d3081fd
parent 0b4677c566
1 changed files with 3 additions and 0 deletions
--- a/private/derive_classpath.te
+++ b/private/derive_classpath.te
@ -4,6 +4,9 @@ type derive_classpath, domain, coredomain;
 type derive_classpath_exec, system_file_type, exec_type, file_type;
 init_daemon_domain(derive_classpath)

+# Read /apex
+allow derive_classpath apex_mnt_dir:dir r_dir_perms;
+
 # Create /data/system/environ/classpath file
 allow derive_classpath environ_system_data_file:dir rw_dir_perms;
 allow derive_classpath environ_system_data_file:file create_file_perms;