From 269c9665aeaecfefb70cf13449c118952816f91c Mon Sep 17 00:00:00 2001
From: Florian Mayer <fmayer@google.com>
Date: Fri, 6 Apr 2018 12:55:22 +0100
Subject: [PATCH] Grant traced_probes search on directories.

This is needed to be able to scan the labels we have
permission on.

Denial:

04-06 12:52:22.674   874   874 W traced_probes: type=1400 audit(0.0:10314): avc: denied { search } for name="backup" dev="sda45" ino=6422529 scontext=u:r:traced_probes:s0 tcontext=u:object_r:backup_data_file:s0 tclass=dir permissive=0

Bug: 73625480

cherry-picked from aosp/658243
Change-Id: I52f3865952004bfc6fe22c488d768276866f8ae1
Merged-In: I52f3865952004bfc6fe22c488d768276866f8ae1
---
 private/traced_probes.te | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/private/traced_probes.te b/private/traced_probes.te
index e6a3dfe32..5d80f7e8b 100644
--- a/private/traced_probes.te
+++ b/private/traced_probes.te
@@ -37,17 +37,17 @@ allow traced_probes system_file:dir { open read };
 # Allow traced_probes to list some of the data partition.
 allow traced_probes self:capability dac_read_search;
 
-allow traced_probes apk_data_file:dir { getattr open read };
-allow traced_probes dalvikcache_data_file:dir { getattr open read };
+allow traced_probes apk_data_file:dir { getattr open read search };
+allow traced_probes dalvikcache_data_file:dir { getattr open read search };
 userdebug_or_eng(`
-allow traced_probes system_data_file:dir { getattr open read };
+allow traced_probes system_data_file:dir { getattr open read search };
 ')
-allow traced_probes system_app_data_file:dir { getattr open read };
-allow traced_probes backup_data_file:dir { getattr open read };
-allow traced_probes bootstat_data_file:dir { getattr open read };
-allow traced_probes update_engine_data_file:dir { getattr open read };
-allow traced_probes update_engine_log_data_file:dir { getattr open read };
-allow traced_probes user_profile_data_file:dir { getattr open read };
+allow traced_probes system_app_data_file:dir { getattr open read search };
+allow traced_probes backup_data_file:dir { getattr open read search };
+allow traced_probes bootstat_data_file:dir { getattr open read search };
+allow traced_probes update_engine_data_file:dir { getattr open read search };
+allow traced_probes update_engine_log_data_file:dir { getattr open read search };
+allow traced_probes user_profile_data_file:dir { getattr open read search };
 
 # Allow traced_probes to run atrace. atrace pokes at system services to enable
 # their userspace TRACE macros.
-- 
GitLab