Allow installd to chown/chmod app data files.

Addresses denials such as:
avc: denied { setattr } for comm="installd" name="com.android.calendar_preferences_no_backup.xml" dev="mmcblk0p28" ino=1499393 scontext=u:r:installd:s0 tcontext=u:object_r:app_data_file:s0 tclass=file                                        avc: denied { setattr } for comm="installd" name="calendar_alerts.xml" dev="mmcblk0p28" ino=1499463 scontext=u:r:installd:s0 tcontext=u:object_r:app_data_file:s0 tclass=file
avc: denied { setattr } for comm="installd" name="_has_set_default_values.xml" dev="mmcblk0p28" ino=1499428 scontext=u:r:installd:s0 tcontext=u:object_r:app_data_file:s0 tclass=file

Change-Id: I0622f1a9d2b10e28be2616f91edf33bc048b4ac7
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

1 files changed, 1 insertions, 1 deletions

diff --git a/installd.te b/installd.te
index 90564d1..586f426 100644
--- a/installd.te
+++ b/installd.te
@@ -70,4 +70,4 @@ allow installd system_data_file:notdevfile_class_set { getattr relabelfrom unlin
 # Types extracted from seapp_contexts type= fields.
 allow installd { system_app_data_file bluetooth_data_file nfc_data_file radio_data_file shell_data_file app_data_file }:dir { create_dir_perms relabelfrom relabelto };
 allow installd { system_app_data_file bluetooth_data_file nfc_data_file radio_data_file shell_data_file app_data_file }:lnk_file { create setattr getattr unlink rename relabelfrom relabelto };
-allow installd { system_app_data_file bluetooth_data_file nfc_data_file radio_data_file shell_data_file app_data_file }:{ file sock_file fifo_file } { getattr unlink rename relabelfrom relabelto };
+allow installd { system_app_data_file bluetooth_data_file nfc_data_file radio_data_file shell_data_file app_data_file }:{ file sock_file fifo_file } { getattr unlink rename relabelfrom relabelto setattr };