From 18096f9c6463192c93d5fc3e56da7441747665fb Mon Sep 17 00:00:00 2001
From: Jaegeuk Kim <jaegeuk@google.com>
Date: Sun, 13 May 2018 10:09:20 -0700
Subject: [PATCH] dumpstate: allow /metadata for df

[  196.680228] type=1400 audit(1526230655.786:26): avc: denied { getattr } for
 pid=7159 comm="df" path="/metadata" dev="sda20" ino=2 scontext=u:r:dumpstate:s0
 tcontext=u:object_r:metadata_file:s0 tclass=dir permissive=0

Bug: 66967195
Bug: 79552162
Test: adb bugreport
Change-Id: Ib2abbc35e04a69992fa09a596694f428d3adc7c1
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
---
 prebuilts/api/28.0/public/dumpstate.te | 1 +
 public/dumpstate.te                    | 1 +
 2 files changed, 2 insertions(+)

diff --git a/prebuilts/api/28.0/public/dumpstate.te b/prebuilts/api/28.0/public/dumpstate.te
index f3cd89296..03fc737eb 100644
--- a/prebuilts/api/28.0/public/dumpstate.te
+++ b/prebuilts/api/28.0/public/dumpstate.te
@@ -100,6 +100,7 @@ allow dumpstate debugfs:file r_file_perms;
 allow dumpstate {
   block_device
   cache_file
+  metadata_file
   rootfs
   selinuxfs
   storage_file
diff --git a/public/dumpstate.te b/public/dumpstate.te
index f3cd89296..03fc737eb 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -100,6 +100,7 @@ allow dumpstate debugfs:file r_file_perms;
 allow dumpstate {
   block_device
   cache_file
+  metadata_file
   rootfs
   selinuxfs
   storage_file
-- 
GitLab