From d82df3bdb8e544fda0cd8250fa3aa527883db643 Mon Sep 17 00:00:00 2001
From: Narayan Kamath <narayan@google.com>
Date: Thu, 2 Jun 2016 15:44:12 +0100
Subject: [PATCH] sepolicy: broaden system_server access to
 foreign_dex_data_file.

The system_server needs to rename these files when an app is upgraded.

bug: 28998083
Change-Id: Idb0c1ae774228faaecc359e4e35603dbb534592a
---
 system_server.te | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/system_server.te b/system_server.te
index b205c2429..e1b2f5842 100644
--- a/system_server.te
+++ b/system_server.te
@@ -15,8 +15,8 @@ allow system_server dalvikcache_data_file:dir r_dir_perms;
 # We need search on top level directories so that we can get to the files
 allow system_server user_profile_data_file:dir search;
 allow system_server user_profile_data_file:file getattr;
-allow system_server user_profile_foreign_dex_data_file:dir { open read write search remove_name };
-allow system_server user_profile_foreign_dex_data_file:file { getattr unlink };
+allow system_server user_profile_foreign_dex_data_file:dir { add_name open read write search remove_name };
+allow system_server user_profile_foreign_dex_data_file:file { getattr rename unlink };
 
 # /data/resource-cache
 allow system_server resourcecache_data_file:file r_file_perms;
-- 
GitLab