From 179ada913c62672d512c55ac2b60ece3c80073b2 Mon Sep 17 00:00:00 2001
From: Martijn Coenen <maco@google.com>
Date: Mon, 14 Jan 2019 09:10:24 +0100
Subject: [PATCH] Allow apexd to also create dirs/files in its storage.

Bug: 118865310
Test: no denials when running ApexServiceTest#SubmitSessionTestSuccess
Change-Id: I9a309fca99c23ca7db4af58db782a2bd6a83d829
---
 private/apexd.te | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/private/apexd.te b/private/apexd.te
index 4850d617d..595903569 100644
--- a/private/apexd.te
+++ b/private/apexd.te
@@ -6,9 +6,9 @@ init_daemon_domain(apexd)
 allow apexd apex_key_file:dir { search getattr };
 allow apexd apex_key_file:file r_file_perms;
 
-# Allow reading and writing of APEX files in the APEX data dir
-allow apexd apex_data_file:dir rw_dir_perms;
-allow apexd apex_data_file:file rw_file_perms;
+# Allow creating, reading and writing of APEX files/dirs in the APEX data dir
+allow apexd apex_data_file:dir create_dir_perms;
+allow apexd apex_data_file:file create_file_perms;
 
 # allow apexd to create loop devices with /dev/loop-control
 allow apexd loop_control_device:chr_file rw_file_perms;
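Review bot: The two new `allow` rules grant more than the comment and subject line describe. In the AOSP macro definitions, `create_dir_perms` and `create_file_perms` add `rename`, `setattr` and `rmdir`/`unlink` (plus `reparent` for dirs) on top of `create`, so apexd can now also delete and rename anything labelled `apex_data_file`. If the test in the commit message only hit `create` denials, the tighter form is `allow apexd apex_data_file:dir { create rw_dir_perms };` and `allow apexd apex_data_file:file { create rw_file_perms };`. If apexd is in fact expected to remove or rename entries there, keep the macros and make the comment say so, e.g. `# Allow apexd to create, rename, delete, read and write APEX files/dirs in the APEX data dir`, so the granted set is visible to the next policy reviewer.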
-- 
GitLab