From 8464d79877ffef391253e46ece90f54c95a7a3d9 Mon Sep 17 00:00:00 2001
From: Narayan Kamath <narayan@google.com>
Date: Fri, 4 Jan 2019 16:40:56 +0000
Subject: [PATCH] Allow the system user to read apex_data_file.

For consistency with APKs, signature verification is performed
in the system_server. This includes checking that the signature of
an updated install matches the signature of the active package that
it updates. For this, it requires search access to /data/apex and
read access to the files under that directory.

Test: m
Change-Id: I8795b26b9a40ba7126c2a548fbec82ff322a1453
---
 rootdir/init.rc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rootdir/init.rc b/rootdir/init.rc
index 483fc5160..0ec6e17cb 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -544,7 +544,7 @@ on post-fs-data
 
     mkdir /data/anr 0775 system system
 
-    mkdir /data/apex 0770 root root
+    mkdir /data/apex 0750 root system
     mkdir /data/staging 0750 system system
 
     # NFC: create data/nfc for nv storage