Allow adbd to pull sepolicy from device.

Address the following denial when running CTS: avc: denied { search } for comm=73657276696365203136 name="/" dev="selinuxfs" ino=1 scontext=u:r:adbd:s0 tcontext=u:object_r:selinuxfs:s0 tclass=dir permissive=0 Bug: 26290097 Change-Id: Icf51061a65a5fda15f7e7ef78200a62ffbd1ca9b

Allow adbd to pull sepolicy from device.
0fb0ab41 · dcashman · dc37ea73 · 0fb0ab41
Commit 0fb0ab41 authored 9 years ago by dcashman
--- a/adbd.te
+++ b/adbd.te
@@ -86,6 +86,9 @@ allow adbd appdomain:unix_stream_socket connectto;
 allow adbd zygote_exec:file r_file_perms;
 allow adbd system_file:file r_file_perms;

+# Allow pulling the SELinux policy for CTS purposes
+allow adbd selinuxfs:dir r_dir_perms;
+allow adbd selinuxfs:file r_file_perms;
 allow adbd kernel:security read_policy;

 allow adbd surfaceflinger_service:service_manager find;