Allow reading of /data/security/current symlink.

If we are going to allow all domains to search and stat the contents of /data/security, then we should also allow them to read the /data/security/current symlink created by SELinuxPolicyInstallReceiver to the directory containing the current policy update. Change-Id: Ida352ed7ae115723964d2723f1115a87af438013 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Allow reading of /data/security/current symlink.
f9268178 · Stephen Smalley · 2a36dff6 · f9268178
Commit f9268178 authored 11 years ago by Stephen Smalley
--- a/domain.te
+++ b/domain.te
@@ -128,9 +128,10 @@ allow domain debugfs:file w_file_perms;
 # Get SELinux enforcing status.
 selinux_getenforce(domain)

-# security files
+# /data/security files
 allow domain security_file:dir { search getattr };
 allow domain security_file:file getattr;
+allow domain security_file:lnk_file r_file_perms;

 # World readable asec image contents
 allow domain asec_public_file:file r_file_perms;