From d33568264f0843feafc2d17c38e863f914f1fc57 Mon Sep 17 00:00:00 2001
From: Jeff Sharkey <jsharkey@android.com>
Date: Wed, 9 Jul 2014 14:58:46 -0700
Subject: [PATCH] Let DCS read staged APK clusters.

DCS is DefaultContainerService.

avc: denied { getattr } for path="/data/app/vmdl2.tmp"
    dev="mmcblk0p28" ino=162910 scontext=u:r:platform_app:s0
    tcontext=u:object_r:apk_tmp_file:s0 tclass=dir

Bug: 14975160
Change-Id: Ifca9afb4e74ebbfbeb8c01e1e9ea65f5b55e9375
---
 platform_app.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/platform_app.te b/platform_app.te
index 01517204a..7ff8d62e2 100644
--- a/platform_app.te
+++ b/platform_app.te
@@ -13,6 +13,7 @@ allow platform_app shell_data_file:dir search;
 allow platform_app shell_data_file:file { open getattr read };
 # Populate /data/app/vmdl*.tmp, /data/app-private/vmdl*.tmp files
 # created by system server.
+allow platform_app { apk_tmp_file apk_private_tmp_file }:dir rw_dir_perms;
 allow platform_app { apk_tmp_file apk_private_tmp_file }:file rw_file_perms;
 allow platform_app apk_private_data_file:dir search;
 # ASEC
-- 
GitLab