From 070f56253318ad4f0cbb181ad453320050a5062a Mon Sep 17 00:00:00 2001
From: Calin Juravle <calin@google.com>
Date: Mon, 28 Mar 2016 14:21:39 +0100
Subject: [PATCH] Give profman getattr rights on profiles.

We do a few more checks in the runtime for the profiles and call
stat on the files to see if they exist and are not empty.

SElinux error
[  297.842210] type=1400 audit(1459106986.097:7): avc: denied { getattr
} for pid=4504 comm="profman"
path="/data/misc/profiles/cur/0/com.google.android.youtube/primary.prof"
dev="dm-1" ino=636936 scontext=u:r:profman:s0
tcontext=u:object_r:user_profile_data_file:s0:c512,c768 tclass=file
permissive=0

Bug: 27860201
Change-Id: Ic97882e6057a4b5c3a16089b9b99b64bc1a3cd98
---
 profman.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/profman.te b/profman.te
index ac34e8923..92a23e22f 100644
--- a/profman.te
+++ b/profman.te
@@ -2,7 +2,7 @@
 type profman, domain;
 type profman_exec, exec_type, file_type;
 
-allow profman user_profile_data_file:file { read write lock };
+allow profman user_profile_data_file:file { getattr read write lock };
 
 allow profman installd:fd use;
 
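Review bot: The widened rule `allow profman user_profile_data_file:file { getattr read write lock };` has no comment saying why each permission is needed or that `open` is deliberately absent. Judging from the neighbouring `allow profman installd:fd use;`, profman appears to work on profile descriptors that installd has already opened, so `getattr` only has to cover the runtime's stat of those files; this is inferred from the visible rules and should be confirmed. I would add above the rule `# Profiles arrive as fds opened by installd; getattr lets the runtime stat them (exists, non-empty). Keep open out of this set.` so a later edit does not quietly give the domain path-based access to per-app profile data.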
-- 
GitLab