From 88cd813fe2c537a1490dfe6d65e3adde4e13eef2 Mon Sep 17 00:00:00 2001
From: Bowgo Tsai <bowgotsai@google.com>
Date: Mon, 19 Mar 2018 11:29:25 +0800
Subject: [PATCH] Allow dexopt to follow /odm/lib(64) symlinks.

Several /odm/* symlinks are added in the following change, to fallback
to /vendor/odm/* when there is no /odm partition on the device.

  https://android-review.googlesource.com/#/c/platform/system/sepolicy/+/638159/

This change allows dexopt operations to 'getattr' those symlinks during
OTA.

Bug: 75287236
Test: boot a device
Change-Id: I2710ce5e2c47eb1a3432123ab49f1b6f3dcb4ffe
---
 public/dex2oat.te            | 2 +-
 public/postinstall_dexopt.te | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/public/dex2oat.te b/public/dex2oat.te
index 47f3bcb60..608ba7987 100644
--- a/public/dex2oat.te
+++ b/public/dex2oat.te
@@ -44,7 +44,7 @@ allow dex2oat postinstall_dexopt:fd use;
 
 allow dex2oat postinstall_file:dir { getattr search };
 allow dex2oat postinstall_file:filesystem getattr;
-allow dex2oat postinstall_file:lnk_file read;
+allow dex2oat postinstall_file:lnk_file { getattr read };
 
 # Allow dex2oat access to files in /data/ota.
 allow dex2oat ota_data_file:dir ra_dir_perms;
diff --git a/public/postinstall_dexopt.te b/public/postinstall_dexopt.te
index 8881f4414..82215300a 100644
--- a/public/postinstall_dexopt.te
+++ b/public/postinstall_dexopt.te
@@ -9,7 +9,7 @@ allow postinstall_dexopt self:global_capability_class_set { chown dac_override f
 
 allow postinstall_dexopt postinstall_file:filesystem getattr;
 allow postinstall_dexopt postinstall_file:dir { getattr search };
-allow postinstall_dexopt postinstall_file:lnk_file read;
+allow postinstall_dexopt postinstall_file:lnk_file { getattr read };
 allow postinstall_dexopt proc_filesystems:file { getattr open read };
 allow postinstall_dexopt tmpfs:file read;
 
-- 
GitLab