grant permissions of dir /data/server_configurable_flags

grant rw_dir_perms of dir /data/server_configurable_flags to flags_health_check.te, in order to enable flags_health_check to record reset flags data as file under this dir for later use. See function: server_configurable_flags::ServerConfigurableFlagsReset for how the permission is used. Test: manual on device Change-Id: I1df7b8cadfbe279f26bf828e9e725ce170a376f7

grant permissions of dir /data/server_configurable_flags
grant rw_dir_perms of dir /data/server_configurable_flags to flags_health_check.te, in order to enable flags_health_check to record reset flags data as file under this dir for later use. See function: server_configurable_flags::ServerConfigurableFlagsReset for how the permission is used. Test: manual on device Change-Id: I1df7b8cadfbe279f26bf828e9e725ce170a376f7
4aecb3f2 · Hongyi Zhang · 745d3839 · 4aecb3f2
Commit 4aecb3f2 authored 6 years ago by Hongyi Zhang
--- a/public/flags_heatlh_check.te
+++ b/public/flags_heatlh_check.te
@@ -9,6 +9,7 @@ set_prop(flags_health_check, device_config_reset_performed_prop)
 # device_config_flags_health_check_prop before release. (b/119627143)
 set_prop(flags_health_check, device_config_flags_health_check_prop)
+allow flags_health_check server_configurable_flags_data_file:dir rw_dir_perms;
 allow flags_health_check server_configurable_flags_data_file:file create_file_perms;
 # system property device_config_boot_count_prop is used for deciding when to perform server
@@ -25,5 +26,4 @@ neverallow { domain -init -flags_health_check } device_config_reset_performed_pr
 # server_configurable_flags_data_file is used for storing whether server configurable flags which
 # have been reset during current booting. Mistakenly modified by unrelated components can
 # cause bad server configurable flags synced back to device.
 neverallow { domain -init -flags_health_check } server_configurable_flags_data_file:file no_w_file_perms;