From 4fc702eccf2c427a44da4b02342250094ab61192 Mon Sep 17 00:00:00 2001
From: Geremy Condra <gcondra@google.com>
Date: Wed, 9 Oct 2013 17:55:45 -0700
Subject: DO NOT MERGE Fix denials seen during device upgrade.

Fixes:
denied  { relabelto } for  pid=721 comm="PackageManager" name="vmdl-112554949.tmp" dev="mmcblk0p30" ino=712747 scontext=u:r:system:s0 tcontext=u:object_r:apk_private_tmp_file:s0 tclass=file
denied  { create } for  pid=240 comm="vold" name="smdl2tmp1.asec" scontext=u:r:vold:s0 tcontext=u:object_r:system_data_file:s0 tclass=file

Bug: 11149726
Change-Id: Iddc7592c757375a961f0d392c27622073c141b36
---
 system.te | 1 +
 vold.te   | 1 +
 2 files changed, 2 insertions(+)

diff --git a/system.te b/system.te
index 24d4a67..795c0b8 100644
--- a/system.te
+++ b/system.te
@@ -16,3 +16,4 @@ allow system backup_data_file:dir relabelto;
 allow system cache_backup_file:dir relabelto;
 allow system apk_data_file:file relabelto;
 allow system apk_tmp_file:file relabelto;
+allow system apk_private_tmp_file:file relabelto;
diff --git a/vold.te b/vold.te
index 25e586a..1fce7bd 100644
--- a/vold.te
+++ b/vold.te
@@ -50,6 +50,7 @@ allow vold efs_file:file rw_file_perms;
 
 # Create and mount on /data/tmp_mnt.
 allow vold system_data_file:dir { create rw_dir_perms mounton };
+allow vold system_data_file:file create_file_perms;
 
 # Set scheduling policy of kernel processes
 allow vold kernel:process setsched;
-- 
cgit v1.2.3