Allow artd to scan system_data_file:dir on Wembley. am: 98b7c7f259

Original change: https://android-review.googlesource.com/c/device/mediatek/wembley-sepolicy/+/2376031 Change-Id: I58228c2eace0ce0a70c84f47672739560b21f635 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
author: Jiakai Zhang <jiakaiz@google.com> 2023-01-04 18:26:19 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2023-01-04 18:26:19 +0000
commit: a8a91310f19eb2957c762d29ad581bb9df871c8c (patch)
tree: 27fe5e329ea6b08b7bef9118f4228f49dfe909d6
parent: be41797987350ad0b3d0b98a8dcc1bd3fc9966a0 (diff)
parent: 98b7c7f259e6bb9d6138734c2e9d2c4dd1cf76d2 (diff)
download: wembley-sepolicy-a8a91310f19eb2957c762d29ad581bb9df871c8c.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/neverallows/plat_public/neverallows.te b/neverallows/plat_public/neverallows.te
index d4141b5..1e1bce7 100644
--- a/neverallows/plat_public/neverallows.te
+++ b/neverallows/plat_public/neverallows.te
@@ -257,6 +257,7 @@ full_treble_only(`
    ')
 
   neverallow ~{
+    artd
     apexd
     init
     installd
@@ -271,6 +272,8 @@ full_treble_only(`
     zygote
     } system_data_file:dir ~{ search getattr };
 
+  neverallow artd system_data_file:dir ~r_dir_perms;
+
   neverallow apexd system_data_file:dir ~r_dir_perms;
 
   neverallow init system_data_file:dir ~{
author	Jiakai Zhang <jiakaiz@google.com>	2023-01-04 18:26:19 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-01-04 18:26:19 +0000
commit	a8a91310f19eb2957c762d29ad581bb9df871c8c (patch)
tree	27fe5e329ea6b08b7bef9118f4228f49dfe909d6
parent	be41797987350ad0b3d0b98a8dcc1bd3fc9966a0 (diff)
parent	98b7c7f259e6bb9d6138734c2e9d2c4dd1cf76d2 (diff)
download	wembley-sepolicy-a8a91310f19eb2957c762d29ad581bb9df871c8c.tar.gz