From fcea7263903b0e953f393ddb15fbfc071b992499 Mon Sep 17 00:00:00 2001
From: dcashman <dcashman@google.com>
Date: Thu, 21 Jan 2016 15:04:10 -0800
Subject: [PATCH] Allow domains to stat filesystems.

Address the following denials:
01-21 12:44:53.704  4595  4595 W ndroid.calendar: type=1400 audit(0.0:21): avc: denied { getattr } for name="/" dev="dm-0" ino=2 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:labeledfs:s0 tclass=filesystem permissive=0
01-21 12:45:23.177  5544  5544 W roid.music:main: type=1400 audit(0.0:46): avc: denied { getattr } for name="/" dev="rootfs" ino=1 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:rootfs:s0 tclass=filesystem permissive=0
7618 W .android.chrome: type=1400 audit(0.0:413): avc: denied { getattr } for path="/" dev="rootfs" ino=1 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:rootfs:s0 tclass=dir permissive=0

01-21 12:44:53.709  4595  4595 D AndroidRuntime: Shutting down VM
01-21 12:44:53.727  4595  4595 E AndroidRuntime: FATAL EXCEPTION: main
01-21 12:44:53.727  4595  4595 E AndroidRuntime: Process: com.google.android.calendar, PID: 4595
01-21 12:44:53.727  4595  4595 E AndroidRuntime: java.lang.RuntimeException: Unable to get provider com.google.android.syncadapters.calendar.timely.TimelyProvider: java.lang.IllegalArgumentException: Invalid path: /data
01-21 12:44:53.727  4595  4595 E AndroidRuntime: 	at android.app.ActivityThread.installProvider(ActivityThread.java:5550)
...

Change-Id: I0e9d65438d031e19c9abc5dca8969ed4356437a0
---
 domain.te            | 4 ++++
 domain_deprecated.te | 4 ----
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/domain.te b/domain.te
index fb672ad09..2aba7e31d 100644
--- a/domain.te
+++ b/domain.te
@@ -127,6 +127,10 @@ allow domain debugfs:dir search;
 allow domain debugfs_tracing:dir search;
 allow domain debugfs_trace_marker:file w_file_perms;
 
+# Filesystem access.
+allow domain fs_type:filesystem getattr;
+allow domain fs_type:dir getattr;
+
 ###
 ### neverallow rules
 ###
diff --git a/domain_deprecated.te b/domain_deprecated.te
index 7be9a3e8c..0db79da54 100644
--- a/domain_deprecated.te
+++ b/domain_deprecated.te
@@ -25,10 +25,6 @@ allow domain_deprecated rootfs:lnk_file r_file_perms;
 # Device accesses.
 allow domain_deprecated device:file read;
 
-# Filesystem accesses.
-allow domain_deprecated fs_type:filesystem getattr;
-allow domain_deprecated fs_type:dir getattr;
-
 # System file accesses.
 allow domain_deprecated system_file:dir r_dir_perms;
 allow domain_deprecated system_file:file r_file_perms;
-- 
GitLab