From 1f55d83d2418370181f311c18ad2950b1561f7c4 Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Wed, 26 Jul 2017 09:54:36 -0700
Subject: [PATCH] system_server: read symlinks in /cache

type=1400 audit(0.0:6): avc: denied { read } for comm="Thread-5"
name="cache" dev="dm-0" ino=13 scontext=u:r:system_server:s0
tcontext=u:object_r:cache_file:s0 tclass=lnk_file permissive=0

Bug: 64067152
Bug: 65843095
Test: build
Change-Id: Ie90c0343a834aa87b7ded41f503e05d9b63b3244
(cherry picked from commit a4cada74399f51a9e0fcf888cd1a9acfa285c679)
---
 private/system_server.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/private/system_server.te b/private/system_server.te
index a46272ad6..40c5382d5 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -493,6 +493,7 @@ set_prop(system_server, firstboot_prop)
 allow system_server system_ndebug_socket:sock_file create_file_perms;
 
 # Manage cache files.
+allow system_server cache_file:lnk_file r_file_perms;
 allow system_server { cache_file cache_recovery_file }:dir { relabelfrom create_dir_perms };
 allow system_server { cache_file cache_recovery_file }:file { relabelfrom create_file_perms };
 allow system_server { cache_file cache_recovery_file }:fifo_file create_file_perms;
-- 
GitLab