From 13bdd39cf1c4aa1f86623820aea167abf1b263f2 Mon Sep 17 00:00:00 2001
From: Narayan Kamath <narayan@google.com>
Date: Thu, 12 May 2016 17:38:59 +0100
Subject: [PATCH] sepolicy: broaden system_server access to
 foreign_dex_data_file{dir}.

The system_server needs to clear these markers along with other app
data that it's responsible for clearing.

bug: 28510916
Change-Id: If9ba8b5b372cccefffd03ffddc51acac8e0b4649
---
 system_server.te | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/system_server.te b/system_server.te
index 493022828..6b2fa7e0c 100644
--- a/system_server.te
+++ b/system_server.te
@@ -15,8 +15,8 @@ allow system_server dalvikcache_data_file:dir r_dir_perms;
 # We need search on top level directories so that we can get to the files
 allow system_server user_profile_data_file:dir search;
 allow system_server user_profile_data_file:file getattr;
-allow system_server user_profile_foreign_dex_data_file:dir search;
-allow system_server user_profile_foreign_dex_data_file:file getattr;
+allow system_server user_profile_foreign_dex_data_file:dir { open read write search remove_name };
+allow system_server user_profile_foreign_dex_data_file:file { getattr unlink };
 
 # /data/resource-cache
 allow system_server resourcecache_data_file:file r_file_perms;
-- 
GitLab