From 753b95fe4800feec888be4974b19fa8ad8af3c34 Mon Sep 17 00:00:00 2001
From: dcashman <dcashman@google.com>
Date: Thu, 26 Mar 2015 12:40:07 -0700
Subject: [PATCH] Allow kernel to read asec_image_file.

Address the following denial encountered when installing a forward-locked apk.

 W loop0   : type=1400 audit(0.0:36): avc: denied { read } for path="/data/app-asec/smdl1061145377.tmp.asec" dev="mmcblk0p28" ino=180226 scontext=u:r:kernel:s0 tcontext=u:object_r:asec_image_file:s0 tclass=file

Bug: 19936901
Change-Id: I829858564a8f89677b2bb4cbd4c8fe4250ae51de
---
 kernel.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/kernel.te b/kernel.te
index ff34ece6c..b9197e221 100644
--- a/kernel.te
+++ b/kernel.te
@@ -55,6 +55,7 @@ allow kernel sdcard_type:file { read write };
 #  * android.os.storage.cts.StorageManagerTest#testMountAndUnmountTwoObbs
 allow kernel vold:fd use;
 allow kernel app_data_file:file read;
+allow kernel asec_image_file:file read;
 
 ###
 ### neverallow rules
-- 
GitLab