From d0e9cb055392dfc4597c5dccf1d8ab507f43da26 Mon Sep 17 00:00:00 2001
From: Andreas Gampe <agampe@google.com>
Date: Fri, 7 Apr 2017 17:35:21 -0700
Subject: [PATCH] Sepolicy: Give otapreopt_slot read on A/B artifact links

Add read rights for du.

Bug: 30832951
Test: m
Change-Id: I1186ff995684844e9c6092b5ae65c19172fefbbe
---
 public/otapreopt_slot.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/public/otapreopt_slot.te b/public/otapreopt_slot.te
index 5f037c56a..6551864c3 100644
--- a/public/otapreopt_slot.te
+++ b/public/otapreopt_slot.te
@@ -11,6 +11,8 @@ type otapreopt_slot_exec, exec_type, file_type;
 # the directory afterwards. For logging of aggregate size, we need getattr.
 allow otapreopt_slot ota_data_file:dir { rw_dir_perms rename reparent rmdir };
 allow otapreopt_slot ota_data_file:{ file lnk_file } getattr;
+# (du follows symlinks)
+allow otapreopt_slot ota_data_file:lnk_file read;
 
 # Delete old content of the dalvik-cache.
 allow otapreopt_slot dalvikcache_data_file:dir { add_name getattr open read remove_name rmdir search write };
-- 
GitLab