From 4cd7aa59693ef136efdcba37926f7fcb2f0a0ddd Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Fri, 20 Apr 2018 12:50:00 -0700
Subject: [PATCH] vendor_init: allow stat() of /data dir

avc: denied { getattr } for path="/data" scontext=u:r:vendor_init:s0
tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=1

Bug: 78345561
Test: build/boot device. Denial is gone.
Change-Id: Ie858f1fe65aeb1845b00a5143c345e81aa2ec632
(cherry picked from commit 6f8d2628b368f4763a3a5c04df090c521c9661dd)
---
 public/vendor_init.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/public/vendor_init.te b/public/vendor_init.te
index 135dfa859..d07987325 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -38,6 +38,8 @@ allow vendor_init self:global_capability_class_set { chown fowner fsetid };
 allow vendor_init unencrypted_data_file:dir search;
 allow vendor_init unencrypted_data_file:file r_file_perms;
 
+allow vendor_init system_data_file:dir getattr;
+
 allow vendor_init {
   file_type
   -core_data_file_type
-- 
GitLab