From 3a8c5dc05fb7696dd81b8a7c1b2524224154e8ea Mon Sep 17 00:00:00 2001
From: Todd Poynor <toddpoynor@google.com>
Date: Thu, 10 Jul 2014 18:43:50 -0700
Subject: [PATCH] Allow oemfs search for system_server and bootanim

Address denials in devices that use /oem

Change-Id: I80b76bb58bab9b6c54d6550eb801664d82a4d403
---
 bootanim.te      | 3 +++
 system_server.te | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/bootanim.te b/bootanim.te
index 024d20cba..3a0a76f0f 100644
--- a/bootanim.te
+++ b/bootanim.te
@@ -8,3 +8,6 @@ binder_use(bootanim)
 binder_call(bootanim, surfaceflinger)
 
 allow bootanim gpu_device:chr_file rw_file_perms;
+
+# /oem access
+allow bootanim oemfs:dir search;
diff --git a/system_server.te b/system_server.te
index 3b3316052..d7453ad2f 100644
--- a/system_server.te
+++ b/system_server.te
@@ -388,6 +388,9 @@ allow system_server block_device:dir search;
 # Clean up old cgroups
 allow system_server cgroup:dir { remove_name rmdir };
 
+# /oem access
+allow system_server oemfs:dir search;
+
 ###
 ### Neverallow rules
 ###
-- 
GitLab