Allow system_server to read tombstones.

Address denials such as: avc: denied { read } for name="tombstones" dev="dm-0" ino=765537 scontext=u:r:system_server:s0 tcontext=u:object_r:tombstone_data_file:s0 tclass=dir avc: denied { open } for name="tombstones" dev="dm-0" ino=765537 scontext=u:r:system_server:s0 tcontext=u:object_r:tombstone_data_file:s0 tclass=dir avc: denied { getattr } for path="/data/tombstones/tombstone_00" dev="dm-0" ino=765538 scontext=u:r:system_server:s0 tcontext=u:object_r:tombstone_data_file:s0 tclass=file avc: denied { read } for name="tombstone_00" dev="dm-0" ino=765538 scontext=u:r:system_server:s0 tcontext=u:object_r:tombstone_data_file:s0 tclass=file avc: denied { open } for name="tombstone_00" dev="dm-0" ino=765538 scontext=u:r:system_server:s0 tcontext=u:object_r:tombstone_data_file:s0 tclass=file Change-Id: Iae5a10bed9483589660b84a88b6b9f8f8e9a8f5c Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Allow system_server to read tombstones.
782e084d · Stephen Smalley · 45206a38 · 782e084d
Commit 782e084d authored 10 years ago by Stephen Smalley
--- a/system_server.te
+++ b/system_server.te
@@ -211,6 +211,10 @@ allow system_server radio_data_file:file create_file_perms;
 allow system_server systemkeys_data_file:dir create_dir_perms;
 allow system_server systemkeys_data_file:file create_file_perms;
+# Access /data/tombstones.
+allow system_server tombstone_data_file:dir r_dir_perms;
+allow system_server tombstone_data_file:file r_file_perms;
 # Manage /data/misc/vpn.
 allow system_server vpn_data_file:dir create_dir_perms;
 allow system_server vpn_data_file:file create_file_perms;