From 2a2a4936c2223e9b3a70b177a97c270aa1aa2740 Mon Sep 17 00:00:00 2001
From: Takeshi Aimi <takeshi.aimi@sonymobile.com>
Date: Tue, 26 Nov 2013 20:19:08 +0900
Subject: [PATCH] DO NOT MERGE: Make bluetooth, nfc, radio and shell
 adb-installable

bluetooth, nfc, radio and shell are not explicitly declared
in installd.te. This prevents applications in those group
from upgrading by "adb install -r".

You can reproduce the issue by following step:
 1. adb pull /system/priv-app/Shell.apk
 2. adb install -r Shell.apk
 3. install failed with the error log blow

[Error in logcat]
E/installd(  338): couldn't symlink directory '/data/data/com.android.shell/lib' -> '/data/app-lib/com.android.shell-1': Permission denied
E/installd(  338): couldn't symlink directory '/data/data/com.android.shell/lib' -> '/data/app-lib/Shell': Permission denied

[Error in dmesg]
<5>[  112.053301] type=1400 audit(1387412796.071:10): avc:  denied  { create } for  pid=337 comm="installd" name="lib" scontext=u:r:installd:s0 tcontext=u:object_r:shell_data_file:s0 tclass=lnk_file

This operation fails only if the app belongs to any of the
groups specified in the commit title.

(cherry picked from commit f5e90004a30a2cb5c1a1d70134a32d68994e2568)

Bug: 13450421
Change-Id: Ie38d05c1306bebd90b0f15c1d4e1a55f6798d497
---
 installd.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/installd.te b/installd.te
index db7653136..85ba69f88 100644
--- a/installd.te
+++ b/installd.te
@@ -27,3 +27,7 @@ security_access_policy(installd)
 allow installd platform_app_data_file:lnk_file { create setattr };
 allow installd app_data_file:lnk_file { create setattr };
 allow installd asec_apk_file:file r_file_perms;
+allow installd bluetooth_data_file:lnk_file { create setattr };
+allow installd nfc_data_file:lnk_file { create setattr };
+allow installd radio_data_file:lnk_file { create setattr };
+allow installd shell_data_file:lnk_file { create setattr };
-- 
GitLab