From f8fd5ab2e0fd0d78ec2506629bbb76a3f3b8ef86 Mon Sep 17 00:00:00 2001
From: Jeff Sharkey <jsharkey@android.com>
Date: Mon, 15 Jun 2015 22:18:32 -0700
Subject: [PATCH] installd restorecon now requires getattr.

avc: denied { getattr } for path="/mnt/expand" dev="tmpfs" ino=3146 scontext=u:r:installd:s0 tcontext=u:object_r:mnt_expand_file:s0 tclass=dir permissive=0

Bug: 21856349
Change-Id: Ib9984182a71408d5cb803d453f148856b68569e3
---
 installd.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/installd.te b/installd.te
index 18d6c6d1f..bc4c23ec2 100644
--- a/installd.te
+++ b/installd.te
@@ -22,7 +22,7 @@ allow installd oemfs:dir r_dir_perms;
 allow installd oemfs:file r_file_perms;
 allow installd system_file:file x_file_perms;
 allow installd cgroup:dir create_dir_perms;
-allow installd mnt_expand_file:dir search;
+allow installd mnt_expand_file:dir { search getattr };
 # Check validity of SELinux context before use.
 selinux_check_context(installd)
 # Read /seapp_contexts and /data/security/seapp_contexts
-- 
GitLab