Merge "Allow profman to read from memfd created by artd." into main am: b6a3360ea3 am: 9eed36d267 am: 91ca4a04eb am: f95122eba0 am: abb28b0f70

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2778047 Change-Id: If18de2b0e14f7427347ef71e923bdac4f43d355b Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-10-12 18:06:29 +00:00 · 2023-10-12 18:06:29 +00:00 · 50e2efa295
commit 50e2efa295
parent 58292c9602 abb28b0f70
1 changed files with 5 additions and 0 deletions
--- a/private/profman.te
+++ b/private/profman.te
@ -10,3 +10,8 @@ allow profman {

 # Allow profman to use file descriptors passed from privileged programs.
 allow profman { artd installd }:fd use;
+
+# Allow profman to read from memfd created by artd.
+# profman needs to read the embedded profile that artd extracts from an APK,
+# which is passed by a memfd.
+allow profman artd_tmpfs:file { getattr read map lock };