From 628e7f7c504927724fff78fe5f122131543dfecd Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Fri, 2 Oct 2015 16:40:17 -0700
Subject: [PATCH] grant installd rx perms on toybox

Installd uses cp when relocating apps to sdcard.

avc: denied { execute } for name="toybox" dev="mmcblk0p10" ino=315 scontext=u:r:installd:s0 tcontext=u:object_r:toolbox_exec:s0 tclass=file

Bug: 24617685
Change-Id: Id1a3039bbfc187c074aa50d426278964c40e4bde
---
 installd.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/installd.te b/installd.te
index 54f276a71..7f4074f2a 100644
--- a/installd.te
+++ b/installd.te
@@ -95,3 +95,6 @@ allow installd { system_app_data_file bluetooth_data_file nfc_data_file radio_da
 
 # Create and use pty created by android_fork_execvp().
 allow installd devpts:chr_file rw_file_perms;
+
+# execute toybox for app relocation
+allow installd toolbox_exec:file rx_file_perms;
-- 
GitLab