From 9a3d1c6bbe73d3e5cfeb582564f971bc1cbe155a Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Wed, 25 Nov 2015 09:31:40 -0800
Subject: [PATCH] Perms back to domain

allow reading symlinks in /data and getattr in /system

Change-Id: I8cc9ca056725cf10ebfeef474ebf9c80c5300a73
---
 domain.te | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/domain.te b/domain.te
index 105072556..f1b0d58b3 100644
--- a/domain.te
+++ b/domain.te
@@ -84,12 +84,13 @@ allow domain vold:key search;
 write_logd(domain)
 
 # System file accesses.
-allow domain system_file:dir search;
+allow domain system_file:dir { search getattr };
 allow domain system_file:file { execute read open getattr };
 allow domain system_file:lnk_file read;
 
 # files under /data.
 allow domain system_data_file:dir { search getattr };
+allow domain system_data_file:lnk_file read;
 
 # required by the dynamic linker
 allow domain proc:lnk_file read;
-- 
GitLab