From f51c05485c9a3bd3da54c1e2e102d1988136080d Mon Sep 17 00:00:00 2001
From: Calin Juravle <calin@google.com>
Date: Mon, 28 Mar 2016 22:56:36 +0100
Subject: [PATCH] Give dex2oat getattr rights on profiles

Similar to profman, dex2oat does more checks on profiles now.
It needs to be able to do stat to test for existance and non-emptiness.

03-28 10:41:06.667  8611  8611 W dex2oat : type=1400 audit(0.0:129):
avc: denied { getattr } for
path="/data/misc/profiles/ref/com.google.android.apps.magazines/primary.prof"
dev="dm-0" ino=636928 scontext=u:r:dex2oat:s0
tcontext=u:object_r:user_profile_data_file:s0 tclass=file permissive=0

Bug: 27860201
Change-Id: I3a7cb396596ae28a375ea98224ada29f093f475e
---
 dex2oat.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dex2oat.te b/dex2oat.te
index 58fcef8e4..abdacebe8 100644
--- a/dex2oat.te
+++ b/dex2oat.te
@@ -15,7 +15,7 @@ allow dex2oat asec_apk_file:file read;
 allow dex2oat unlabeled:file read;
 allow dex2oat oemfs:file read;
 allow dex2oat apk_tmp_file:file read;
-allow dex2oat user_profile_data_file:file {read lock};
+allow dex2oat user_profile_data_file:file { getattr read lock };
 
 ##################
 # A/B OTA Dexopt #
-- 
GitLab