Give profman getattr rights on profiles.

We do a bit more work checks in the runtime for the profiles and call stat on the files to see if they exists and their are not empty. SElinux error [ 297.842210] type=1400 audit(1459106986.097:7): avc: denied { getattr } for pid=4504 comm="profman" path="/data/misc/profiles/cur/0/com.google.android.youtube/primary.prof" dev="dm-1" ino=636936 scontext=u:r:profman:s0 tcontext=u:object_r:user_profile_data_file:s0:c512,c768 tclass=file permissive=0 Bug: 27860201 Change-Id: Ic97882e6057a4b5c3a16089b9b99b64bc1a3cd98

Give profman getattr rights on profiles.
We do a bit more work checks in the runtime for the profiles and call stat on the files to see if they exists and their are not empty. SElinux error [ 297.842210] type=1400 audit(1459106986.097:7): avc: denied { getattr } for pid=4504 comm="profman" path="/data/misc/profiles/cur/0/com.google.android.youtube/primary.prof" dev="dm-1" ino=636936 scontext=u:r:profman:s0 tcontext=u:object_r:user_profile_data_file:s0:c512,c768 tclass=file permissive=0 Bug: 27860201 Change-Id: Ic97882e6057a4b5c3a16089b9b99b64bc1a3cd98
070f5625 · Calin Juravle · ce35cec3 · 070f5625
Commit 070f5625 authored 9 years ago by Calin Juravle
--- a/profman.te
+++ b/profman.te
@@ -2,7 +2,7 @@
 type profman, domain;
 type profman_exec, exec_type, file_type;
-allow profman user_profile_data_file:file { read write lock };
+allow profman user_profile_data_file:file { getattr read write lock };
 allow profman installd:fd use;