Allow init to mkdir inside /data/gsi. Bug: 133435561 Test: adb shell gsi_tool install Change-Id: Iaa610c72d8098e157bb89e321624369f86f4ea19

commit: 0b1094cc235ade62c7c54f509975447aad6c1ce7 [log] [tgz]
author: David Anderson <dvander@google.com> Thu May 23 13:44:22 2019 -0700
committer: David Anderson <dvander@google.com> Thu May 23 13:45:00 2019 -0700
tree: 6f09b3473bd2a38e3fc0f5202e40159d58f27d3b
parent: 0f0fbd44f9bb002c5b35f64918122a56d1d072ea [diff]
diff --git a/private/gsid.te b/private/gsid.te
index 5dcf746..1a35a4b 100644
--- a/private/gsid.te
+++ b/private/gsid.te

@@ -118,6 +118,7 @@
 neverallow {
     domain
     -gsid
+    -init
 } gsi_data_file:dir ~{ open create read getattr setattr search relabelto ioctl };
 
 neverallow {

diff --git a/public/init.te b/public/init.te
index 86e0d32..adeaeb0 100644
--- a/public/init.te
+++ b/public/init.te

@@ -170,7 +170,6 @@
   file_type
   -app_data_file
   -exec_type
-  -gsi_data_file
   -iorapd_data_file
   -keystore_data_file
   -misc_logd_file
commit	0b1094cc235ade62c7c54f509975447aad6c1ce7	[log] [tgz]
author	David Anderson <dvander@google.com>	Thu May 23 13:44:22 2019 -0700
committer	David Anderson <dvander@google.com>	Thu May 23 13:45:00 2019 -0700
tree	6f09b3473bd2a38e3fc0f5202e40159d58f27d3b
parent	0f0fbd44f9bb002c5b35f64918122a56d1d072ea [diff]