From 1817cbde1452fb0cba8682d54f20da8048661c64 Mon Sep 17 00:00:00 2001
From: Yifan Hong <elsk@google.com>
Date: Wed, 21 Nov 2018 13:34:34 -0800
Subject: [PATCH] Allow to execute postinstall in adb sideload

In recovery, everything is labeled rootfs, including
/system/bin/*. Allow postinstall to execute them in recovery.

Test: sideload
Bug: 116608795
Fixes: 119877813
Change-Id: I5682bdecd0df1cb9ff3bc968ea29449b0b8588f4
---
 public/postinstall.te | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/public/postinstall.te b/public/postinstall.te
index 7fd4dc611..2ef68bdff 100644
--- a/public/postinstall.te
+++ b/public/postinstall.te
@@ -19,6 +19,11 @@ allow postinstall shell_exec:file rx_file_perms;
 allow postinstall system_file:file rx_file_perms;
 allow postinstall toolbox_exec:file rx_file_perms;
 
+# Allow postinstall to execute shell in recovery.
+recovery_only(`
+  allow postinstall rootfs:file rx_file_perms;
+')
+
 #
 # For OTA dexopt.
 #
-- 
GitLab