From bc5731ae65e2204e6aeee915e91a9eff6b46e59d Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Fri, 9 May 2014 11:17:51 -0700
Subject: [PATCH] Allow installd to create the lib symlink for
 system_app_data_file

91a4f8d4fdab7df8474c2ffaa996c879166d8a4c created system_app_data_file,
and assigned all system_apps to use this file type. For testing purposes,
our automated testing infrastructure sideloads shared system UID apks.
Installd does not have permission to create the lib symlink, so the
installation fails.

Allow installd to create this symlink.

  repro:
  adb install AppLaunch.apk
  276 KB/s (8414 bytes in 0.029s)
         pkg: /data/local/tmp/AppLaunch.apk
  Failure [INSTALL_FAILED_INTERNAL_ERROR]

  logcat:
  05-08 23:16:36.336   605   637 I PackageManager: Copying native libraries to /data/app-lib/vmdl609237490
  05-08 23:16:36.338   605   637 W asset   : Installing empty resources in to table 0x5e89a368
  05-08 23:16:36.359   193   193 W installd: type=1400 audit(0.0:29): avc:  denied  { create } for  name="lib" scontext=u:r:installd:s0 tcontext=u:object_r:system_app_data_file:s0 tclass=lnk_file
  05-08 23:16:36.363   193   193 E installd: couldn't symlink directory '/data/data/com.android.tests.applaunch/lib' -> '/data/app-lib/com.android.tests.applaunch-1': Permission denied
  05-08 23:16:36.364   605   637 W PackageManager: Failed linking native library dir (user=0)
  05-08 23:16:36.364   605   637 W PackageManager: Package couldn't be installed in /data/app/com.android.tests.applaunch-1.apk

Bug: 14659632
Change-Id: Iac4890302cd070aa3f71553af217f343ed7b8bc3
---
 installd.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/installd.te b/installd.te
index 5ff68f3de..2634b7550 100644
--- a/installd.te
+++ b/installd.te
@@ -31,6 +31,7 @@ allow installd bluetooth_data_file:lnk_file { create setattr };
 allow installd nfc_data_file:lnk_file { create setattr };
 allow installd radio_data_file:lnk_file { create setattr };
 allow installd shell_data_file:lnk_file { create setattr };
+allow installd system_app_data_file:lnk_file { create setattr };
 # restorecon /data/data
 allow installd unlabeled:dir relabelfrom;
 allow installd unlabeled:notdevfile_class_set relabelfrom;
-- 
GitLab