From 4aecb3f2eba874931d9275a6b8e7efad94cc8dd2 Mon Sep 17 00:00:00 2001
From: Hongyi Zhang <hongyiz@google.com>
Date: Tue, 20 Nov 2018 11:17:35 -0800
Subject: [PATCH] grant permissions of dir /data/server_configurable_flags

grant rw_dir_perms of dir
/data/server_configurable_flags to flags_health_check.te, in order to
enable flags_health_check to record reset flags data as file under this
dir for later use. See function:
server_configurable_flags::ServerConfigurableFlagsReset for how the
permission is used.

Test: manual on device
Change-Id: I1df7b8cadfbe279f26bf828e9e725ce170a376f7
---
 public/flags_heatlh_check.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/public/flags_heatlh_check.te b/public/flags_heatlh_check.te
index c17ce9f07..a62689523 100644
--- a/public/flags_heatlh_check.te
+++ b/public/flags_heatlh_check.te
@@ -9,6 +9,7 @@ set_prop(flags_health_check, device_config_reset_performed_prop)
 # device_config_flags_health_check_prop before release. (b/119627143)
 set_prop(flags_health_check, device_config_flags_health_check_prop)
 
+allow flags_health_check server_configurable_flags_data_file:dir rw_dir_perms;
 allow flags_health_check server_configurable_flags_data_file:file create_file_perms;
 
 # system property device_config_boot_count_prop is used for deciding when to perform server
@@ -25,5 +26,4 @@ neverallow { domain -init -flags_health_check } device_config_reset_performed_pr
 # server_configurable_flags_data_file is used for storing whether server configurable flags which
 # have been reset during current booting. Mistakenly modified by unrelated components can
 # cause bad server configurable flags synced back to device.
-
 neverallow { domain -init -flags_health_check } server_configurable_flags_data_file:file no_w_file_perms;
-- 
GitLab