From 96d9af423575aec5559bd1a7094203c9e0586347 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Fri, 13 Jun 2014 09:05:26 -0700
Subject: [PATCH] allow system_server getattr on /data/dalvik-cache/profiles

867030517724036b64fcaf39deaba1b27f3ca77e wasn't complete. I thought
getattr on the directory wasn't needed but I was wrong. Not sure
how I missed this.

Addresses the following denial:

  <4>[   40.699344] type=1400 audit(15795140.469:9): avc: denied { getattr } for pid=1087 comm="system_server" path="/data/dalvik-cache/profiles" dev="mmcblk0p28" ino=105874 scontext=u:r:system_server:s0 tcontext=u:object_r:dalvikcache_profiles_data_file:s0 tclass=dir

Change-Id: Ibc176b2b00083bafaa91ab78d0f8dc1ca3c208b6
---
 system_server.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/system_server.te b/system_server.te
index fc0da2bee..a9e5f82fc 100644
--- a/system_server.te
+++ b/system_server.te
@@ -196,7 +196,7 @@ allow system_server dalvikcache_data_file:dir create_dir_perms;
 allow system_server dalvikcache_data_file:file create_file_perms;
 
 # Read from /data/dalvik-cache/profiles
-allow system_server dalvikcache_profiles_data_file:dir w_dir_perms;
+allow system_server dalvikcache_profiles_data_file:dir { getattr w_dir_perms };
 allow system_server dalvikcache_profiles_data_file:file create_file_perms;
 
 # Manage /data/misc/adb.
-- 
GitLab