From aeada24741ebf3a93422881d51fd72ba77593a6b Mon Sep 17 00:00:00 2001
From: Jaekyun Seok <jaekyun@google.com>
Date: Wed, 19 Apr 2017 13:05:37 +0900
Subject: [PATCH] Allow installd to read vendor_overlay_file

installd needs to check whether idmap is outdated or not compared to
vendor overlay file.

Test: building succeeded and tested on sailfish.
Bug: 37179531
Change-Id: I934c1ae39e3f806bca1e3d68cf8190addeebb499
---
 public/domain.te   | 2 ++
 public/installd.te | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/public/domain.te b/public/domain.te
index e75ce1a4b..3ebacad0f 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -658,6 +658,7 @@ full_treble_only(`
         -appdomain
         -idmap
         -init
+        -installd
         -system_server
         -zygote
     } vendor_overlay_file:dir { getattr open read search };
@@ -667,6 +668,7 @@ full_treble_only(`
         -appdomain
         -idmap
         -init
+        -installd
         -system_server
         -zygote
     } vendor_overlay_file:{ file lnk_file } r_file_perms;
diff --git a/public/installd.te b/public/installd.te
index 774ba49e1..c5b45b461 100644
--- a/public/installd.te
+++ b/public/installd.te
@@ -29,6 +29,8 @@ r_dir_file(installd, rootfs)
 r_dir_file(installd, system_file)
 # Scan through APKs in /vendor/app
 r_dir_file(installd, vendor_app_file)
+# Scan through Runtime Resource Overlay APKs in /vendor/overlay
+r_dir_file(installd, vendor_overlay_file)
 # Get file context
 allow installd file_contexts_file:file r_file_perms;
 # Get seapp_context
-- 
GitLab