From b25fe91e2576fc22310f8d9c9bc33ef08c6972f2 Mon Sep 17 00:00:00 2001
From: Alex Klyubin <klyubin@google.com>
Date: Mon, 8 Jul 2013 15:48:36 -0700
Subject: [PATCH] Grant fsetid Linux capability to vold.

This fixes the issue where paid apps failed to install via Google
Play with "Package file has a bad manifest" error. The issue appears
to be caused by vold being prevented by SELinux policy from setting
the setgid bit on the ASEC container directory into which the APK is
decrypted. As a result, the APK is not readable to PackageParser.

Bug: 9736808
Change-Id: I07546a9f9caac3de8b720499bd1bf1604edea0fe
---
 vold.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/vold.te b/vold.te
index fe6c297d0..c41cc7213 100644
--- a/vold.te
+++ b/vold.te
@@ -17,7 +17,7 @@ allow vold sdcard_type:dir create_dir_perms;
 allow vold tmpfs:filesystem { mount unmount };
 allow vold tmpfs:dir create_dir_perms;
 allow vold tmpfs:dir mounton;
-allow vold self:capability { net_admin dac_override mknod sys_admin chown fowner };
+allow vold self:capability { net_admin dac_override mknod sys_admin chown fowner fsetid };
 allow vold self:netlink_kobject_uevent_socket *;
 allow vold app_data_file:dir search;
 allow vold app_data_file:file rw_file_perms;
-- 
GitLab