Allow artd to scan system_data_file:dir on Wembley.main-16k-with-phones

This is for cleaning up obsolete managed files. Bug: 254013425 Test: m Change-Id: I3f701632fb341ef0a509cc57bf38950cd50fba3b
author: Jiakai Zhang <jiakaiz@google.com> 2023-01-04 12:27:36 +0000
committer: Jiakai Zhang <jiakaiz@google.com> 2023-01-04 13:44:52 +0000
commit: 98b7c7f259e6bb9d6138734c2e9d2c4dd1cf76d2 (patch)
tree: 27fe5e329ea6b08b7bef9118f4228f49dfe909d6
parent: be41797987350ad0b3d0b98a8dcc1bd3fc9966a0 (diff)
download: wembley-sepolicy-main-16k-with-phones.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/neverallows/plat_public/neverallows.te b/neverallows/plat_public/neverallows.te
index d4141b5..1e1bce7 100644
--- a/neverallows/plat_public/neverallows.te
+++ b/neverallows/plat_public/neverallows.te
@@ -257,6 +257,7 @@ full_treble_only(`
    ')
 
   neverallow ~{
+    artd
     apexd
     init
     installd
@@ -271,6 +272,8 @@ full_treble_only(`
     zygote
     } system_data_file:dir ~{ search getattr };
 
+  neverallow artd system_data_file:dir ~r_dir_perms;
+
   neverallow apexd system_data_file:dir ~r_dir_perms;
 
   neverallow init system_data_file:dir ~{
author	Jiakai Zhang <jiakaiz@google.com>	2023-01-04 12:27:36 +0000
committer	Jiakai Zhang <jiakaiz@google.com>	2023-01-04 13:44:52 +0000
commit	98b7c7f259e6bb9d6138734c2e9d2c4dd1cf76d2 (patch)
tree	27fe5e329ea6b08b7bef9118f4228f49dfe909d6
parent	be41797987350ad0b3d0b98a8dcc1bd3fc9966a0 (diff)
download	wembley-sepolicy-main-16k-with-phones.tar.gz