From 29b9532a9e775184ae47025d3c6aa2c719806483 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Fri, 4 Dec 2015 09:05:02 -0800
Subject: [PATCH] shell.te: Allow read access to system_file

Certain tests depend on the ability to examine directories
in /system. Allow it to the shell user.

Addresses the following denials:

  avc: denied { read } for name="egl" dev="dm-1" ino=104 scontext=u:r:shell:s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=0

Bug: 26020967
Bug: 26023420
Change-Id: I509d921e159e99164c85fae9e8b2982a47573d14
---
 shell.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/shell.te b/shell.te
index e0c318fc1..90b12d87b 100644
--- a/shell.te
+++ b/shell.te
@@ -52,6 +52,7 @@ allow shell tty_device:chr_file rw_file_perms;
 allow shell console_device:chr_file rw_file_perms;
 allow shell input_device:dir r_dir_perms;
 allow shell input_device:chr_file rw_file_perms;
+r_dir_file(shell, system_file)
 allow shell system_file:file x_file_perms;
 allow shell toolbox_exec:file rx_file_perms;
 allow shell shell_exec:file rx_file_perms;
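Review bot: The added `r_dir_file(shell, system_file)` appears to grant more than the denial quoted in the commit message, which is only `{ read }` on `tclass=dir`. The macro is defined outside this hunk, but in the AOSP te_macros it also expands to read permissions on `file` and `lnk_file` objects of the target type. If tests only need to list directories under /system, `allow shell system_file:dir r_dir_perms;` would cover the logged denial and keep the shell domain's grant tied to what was observed. If the wider file and symlink read access is intended, say so in a comment above the rule, for example `# Tests run from the shell need to list and read entries under /system.`, so a later audit of shell.te can tell the scope was deliberate.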
-- 
GitLab