aicp: sepolicy: updater app rules

Change-Id: I1f3fd45597abb29c99d6c4e31fc5de466b6c82ec
author: Ali B <abittin@gmail.com> 2021-03-19 22:39:58 +0300
committer: Ali B <abittin@gmail.com> 2021-04-11 13:40:24 +0300
commit: f4cc639736c058d93842d7e2289f791ff56f14af (patch)
tree: 6f456c0454f1697e6d6dee5d8f476d4b28fda59a
parent: fc1c062b0f4d6346eee4d8c8600dd086fbf14958 (diff)
1 files changed, 18 insertions, 0 deletions
diff --git a/common/private/updater_app.te b/common/private/updater_app.te
new file mode 100644
index 0000000..a709b45
--- /dev/null
+++ b/common/private/updater_app.te
@@ -0,0 +1,18 @@
+# Read updates from storage data
+r_dir_file(updater_app, mnt_user_file)
+r_dir_file(updater_app, storage_file)
+
+# Allow to install OTA's from local storage
+allow updater_app backuptool:process noatsecure;
+allow updater_app media_rw_data_file:file { open read write getattr };
+
+allow updater_app app_data_file:dir create_dir_perms;
+allow updater_app app_data_file:{ file lnk_file } create_file_perms;
+
+allow updater_app cache_file:dir r_dir_perms;
+
+allow updater_app cache_recovery_file:dir rw_dir_perms;
+allow updater_app cache_recovery_file:file create_file_perms;
+
+allow updater_app ota_package_file:dir create_dir_perms;
+allow updater_app ota_package_file:file create_file_perms;
author	Ali B <abittin@gmail.com>	2021-03-19 22:39:58 +0300
committer	Ali B <abittin@gmail.com>	2021-04-11 13:40:24 +0300
commit	f4cc639736c058d93842d7e2289f791ff56f14af (patch)
tree	6f456c0454f1697e6d6dee5d8f476d4b28fda59a
parent	fc1c062b0f4d6346eee4d8c8600dd086fbf14958 (diff)