Allow artd to scan system_data_file:dir on Wembley. am: 98b7c7f259 am: a8a91310f1

Original change: https://android-review.googlesource.com/c/device/mediatek/wembley-sepolicy/+/2376031 Change-Id: Iadf9cff6cca352ca5fd4f7a698b8214a1c4e4d53 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
author: Jiakai Zhang <jiakaiz@google.com> 2023-01-04 19:00:49 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2023-01-04 19:00:49 +0000
commit: 36dda563b575fc41d9fd68fbf0c5d978173089e5 (patch)
tree: 27fe5e329ea6b08b7bef9118f4228f49dfe909d6
parent: 537e7f19ab4b9110bbab2aec201d6a2c349d984c (diff)
parent: a8a91310f19eb2957c762d29ad581bb9df871c8c (diff)
download: wembley-sepolicy-36dda563b575fc41d9fd68fbf0c5d978173089e5.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/neverallows/plat_public/neverallows.te b/neverallows/plat_public/neverallows.te
index d4141b5..1e1bce7 100644
--- a/neverallows/plat_public/neverallows.te
+++ b/neverallows/plat_public/neverallows.te
@@ -257,6 +257,7 @@ full_treble_only(`
    ')
 
   neverallow ~{
+    artd
     apexd
     init
     installd
@@ -271,6 +272,8 @@ full_treble_only(`
     zygote
     } system_data_file:dir ~{ search getattr };
 
+  neverallow artd system_data_file:dir ~r_dir_perms;
+
   neverallow apexd system_data_file:dir ~r_dir_perms;
 
   neverallow init system_data_file:dir ~{
author	Jiakai Zhang <jiakaiz@google.com>	2023-01-04 19:00:49 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-01-04 19:00:49 +0000
commit	36dda563b575fc41d9fd68fbf0c5d978173089e5 (patch)
tree	27fe5e329ea6b08b7bef9118f4228f49dfe909d6
parent	537e7f19ab4b9110bbab2aec201d6a2c349d984c (diff)
parent	a8a91310f19eb2957c762d29ad581bb9df871c8c (diff)
download	wembley-sepolicy-36dda563b575fc41d9fd68fbf0c5d978173089e5.tar.gz