From 9bef25026b43ccfb656a3a53b74a787ca3376227 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Wed, 8 Apr 2015 10:42:30 -0700
Subject: [PATCH] system_server: support hard linking for split APKs

Commit 85ce2c706e95f96c95b3af418b7bda0bfe9918f4 removed hard link
support from create_file_perms, but system_server requires hard
link support for split APKs. Allow it.

Addresses the following denial:

  audit(0.0:152): avc: denied { link } for name="base.apk" dev="dm-0" ino=816009 scontext=u:r:system_server:s0 tcontext=u:object_r:apk_data_file:s0 tclass=file permissive=0

Steps to reproduce:
1) Find the directory "hellogoogle3.splitapk"
2) adb install-multiple -r hellogoogle3_incremental.apk
3) adb install-multiple -r -p com.google.android.samples.hellogoogle3 native.apk

Expected:
  2nd APK installs successfully.

Actual:
  2nd APK fails to install.

Change-Id: Ib69fc70dd1c7cd158590db3fd117d6b05acf1cf7
---
 system_server.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/system_server.te b/system_server.te
index a0286287f..a2cfeba2f 100644
--- a/system_server.te
+++ b/system_server.te
@@ -175,7 +175,7 @@ allow system_server keychain_data_file:file create_file_perms;
 
 # Manage /data/app.
 allow system_server apk_data_file:dir create_dir_perms;
-allow system_server apk_data_file:file create_file_perms;
+allow system_server apk_data_file:file { create_file_perms link };
 allow system_server apk_tmp_file:dir create_dir_perms;
 allow system_server apk_tmp_file:file create_file_perms;
 
-- 
GitLab