From ebfd9f87197f4a39bbc2a5e4f6c6dffc28be36d7 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Fri, 10 Oct 2014 16:11:03 -0700
Subject: [PATCH] allow oemfs:dir search

mediaserver and drmserver both have permission to read oemfs
related files. However, there are no search permissions on the
directory, so the files would be unreachable.

Grant search permissions on the oemfs directory, so that the files
within that directory can be read.

Bug: 17954291
Change-Id: I9e36dc7b940bd46774753c1fa07b0f47c36ff0db
---
 drmserver.te   | 1 +
 mediaserver.te | 1 +
 2 files changed, 2 insertions(+)

diff --git a/drmserver.te b/drmserver.te
index b4d741625..7bc9e6a3d 100644
--- a/drmserver.te
+++ b/drmserver.te
@@ -48,4 +48,5 @@ allow drmserver radio_data_file:file { read getattr };
 allow drmserver drmserver_service:service_manager add;
 
 # /oem access
+allow drmserver oemfs:dir search;
 allow drmserver oemfs:file r_file_perms;
diff --git a/mediaserver.te b/mediaserver.te
index 4d5657241..704b723d3 100644
--- a/mediaserver.te
+++ b/mediaserver.te
@@ -81,4 +81,5 @@ allow mediaserver tee:unix_stream_socket connectto;
 allow mediaserver mediaserver_service:service_manager add;
 
 # /oem access
+allow mediaserver oemfs:dir search;
 allow mediaserver oemfs:file r_file_perms;
-- 
GitLab