sepolicy: Adjust policy for migrate_legacy_obb_data.sh
Required to check if migration is necessary and migrate obb contents
Bug: 136199978
Test: make
Change-Id: I23890e4eeea1da7791e25ce5c9584b1abe94f440
(cherry picked from commit 793dc8f8da2bbcb954670bfbd53a0038328e8473)
diff --git a/prebuilts/api/29.0/private/migrate_legacy_obb_data.te b/prebuilts/api/29.0/private/migrate_legacy_obb_data.te
index 4bc1e2c..b2a1fb1 100644
--- a/prebuilts/api/29.0/private/migrate_legacy_obb_data.te
+++ b/prebuilts/api/29.0/private/migrate_legacy_obb_data.te
@@ -10,6 +10,14 @@
allow migrate_legacy_obb_data self:capability { chown dac_override dac_read_search fowner fsetid };
+allow migrate_legacy_obb_data mnt_user_file:dir search;
+allow migrate_legacy_obb_data mnt_user_file:lnk_file read;
+allow migrate_legacy_obb_data storage_file:dir search;
+allow migrate_legacy_obb_data storage_file:lnk_file read;
+
+allow migrate_legacy_obb_data sdcard_type:dir create_dir_perms;
+allow migrate_legacy_obb_data sdcard_type:file create_file_perms;
+
# TODO: This should not be necessary. We don't deliberately hand over
# any open file descriptors to this domain, so anything that triggers this
# should be a candidate for O_CLOEXEC.
diff --git a/private/migrate_legacy_obb_data.te b/private/migrate_legacy_obb_data.te
index 4bc1e2c..b2a1fb1 100644
--- a/private/migrate_legacy_obb_data.te
+++ b/private/migrate_legacy_obb_data.te
@@ -10,6 +10,14 @@
allow migrate_legacy_obb_data self:capability { chown dac_override dac_read_search fowner fsetid };
+allow migrate_legacy_obb_data mnt_user_file:dir search;
+allow migrate_legacy_obb_data mnt_user_file:lnk_file read;
+allow migrate_legacy_obb_data storage_file:dir search;
+allow migrate_legacy_obb_data storage_file:lnk_file read;
+
+allow migrate_legacy_obb_data sdcard_type:dir create_dir_perms;
+allow migrate_legacy_obb_data sdcard_type:file create_file_perms;
+
# TODO: This should not be necessary. We don't deliberately hand over
# any open file descriptors to this domain, so anything that triggers this
# should be a candidate for O_CLOEXEC.