Allow dexopt to follow /odm/lib(64) symlinks.

Several /odm/* symlinks are added in the following change, to fallback to /vendor/odm/* when there is no /odm partition on the device. https://android-review.googlesource.com/#/c/platform/system/sepolicy/+/638159/ This change allows dexopt operations to 'getattr' those symlinks during OTA. Bug: 75287236 Test: boot a device Change-Id: I2710ce5e2c47eb1a3432123ab49f1b6f3dcb4ffe Merged-In: I2710ce5e2c47eb1a3432123ab49f1b6f3dcb4ffe (cherry picked from commit 88cd813f)

Allow dexopt to follow /odm/lib(64) symlinks.
e3972606 · Bowgo Tsai · dddda727 · e3972606 · e3972606
Commit e3972606 authored 7 years ago by Bowgo Tsai
--- a/public/dex2oat.te
+++ b/public/dex2oat.te
@@ -44,7 +44,7 @@ allow dex2oat postinstall_dexopt:fd use;
 allow dex2oat postinstall_file:dir { getattr search };
 allow dex2oat postinstall_file:filesystem getattr;
-allow dex2oat postinstall_file:lnk_file read;
+allow dex2oat postinstall_file:lnk_file { getattr read };
 # Allow dex2oat access to files in /data/ota.
 allow dex2oat ota_data_file:dir ra_dir_perms;

--- a/public/postinstall_dexopt.te
+++ b/public/postinstall_dexopt.te
@@ -9,7 +9,7 @@ allow postinstall_dexopt self:global_capability_class_set { chown dac_override f
 allow postinstall_dexopt postinstall_file:filesystem getattr;
 allow postinstall_dexopt postinstall_file:dir { getattr search };
-allow postinstall_dexopt postinstall_file:lnk_file read;
+allow postinstall_dexopt postinstall_file:lnk_file { getattr read };
 allow postinstall_dexopt proc_filesystems:file { getattr open read };
 allow postinstall_dexopt tmpfs:file read;