Fix denials encountered while getting bugreports.

Bug: 10498304 Change-Id: I312665a2cd09fa16ae3f3978aebdb0da99cf1f74

Fix denials encountered while getting bugreports.
81560733 · Geremy Condra · 765e95f9 · 81560733 · 81560733 · 81560733
Commit 81560733 authored 11 years ago by Geremy Condra
--- a/app.te
+++ b/app.te
@@ -76,8 +76,8 @@ allow appdomain isolated_app:unix_stream_socket { read write };
 # Backup ability for every app. BMS opens and passes the fd
 # to any app that has backup ability. Hence, no open permissions here.
-allow appdomain backup_data_file:file { read write };
+allow appdomain backup_data_file:file { read write getattr };
-allow appdomain  cache_backup_file:file { read write };
+allow appdomain cache_backup_file:file { read write getattr };
 # Backup ability using 'adb backup'
 allow appdomain system_data_file:lnk_file getattr;

--- a/domain.te
+++ b/domain.te
@@ -81,7 +81,7 @@ allow domain system_data_file:file { getattr read };
 allow domain system_data_file:lnk_file read;
 # Read apk files under /data/app.
-allow domain apk_data_file:dir search;
+allow domain apk_data_file:dir { getattr search };
 allow domain apk_data_file:file r_file_perms;
 # Read /data/dalvik-cache.

--- a/zygote.te
+++ b/zygote.te
@@ -12,7 +12,7 @@ allow zygote self:capability setpcap;
 allow zygote system:process dyntransition;
 allow zygote appdomain:process dyntransition;
 # Allow zygote to read app data dirs (b/10455872)
-allow zygote appdomain:dir search;
+allow zygote appdomain:dir { getattr search };
 allow zygote appdomain:file { r_file_perms };
 # Move children into the peer process group.
 allow zygote system:process { getpgid setpgid };