From 94cb11fb2f8ad88075613f4b0b35624fb5858457 Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Wed, 30 Mar 2016 12:22:15 -0700
Subject: [PATCH] priv_app: allow safetynet to read exec_type on /system

Bug: 27545805
Change-Id: I6281dd64c51f74b467deb7acd5cd4403696dcff2
---
 priv_app.te | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/priv_app.te b/priv_app.te
index 67e91cdb2..b2b9e579a 100644
--- a/priv_app.te
+++ b/priv_app.te
@@ -70,9 +70,8 @@ userdebug_or_eng(`
   allow priv_app perfprofd_data_file:dir r_dir_perms;
 ')
 
-# Allow GMS core to stat files and executables on
-# the system partition
-allow priv_app exec_type:file getattr;
+# Allow GMS core to scan executables on the system partition
+allow priv_app exec_type:file { getattr read open };
 
 # For AppFuse.
 allow priv_app vold:fd use;
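Review bot: The comment above the new `allow priv_app exec_type:file { getattr read open };` line names GMS core and the system partition, but the rule is scoped by neither. It lets every app in the priv_app domain open and read the contents of any file labelled with the exec_type attribute, wherever that file lives. The comment should state the real scope and the reason, for example `# All priv_apps may read (not execute) exec_type files; needed so GMS core (SafetyNet) can scan executables on /system. Bug: 27545805`. Since the grant moves from metadata-only (`getattr`) to full content read, it is worth confirming that no exec_type file is expected to stay unreadable to privileged apps. If this file does not already pin the limits elsewhere, a neverallow covering write and execute on exec_type for priv_app would keep the grant from widening later.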
-- 
GitLab