system_server: grant read access to vendor/framework

avc: denied { getattr } for path="/vendor/framework" scontext=u:r:system_server:s0 tcontext=u:object_r:vendor_framework_file:s0 tclass=dir Bug: 68826235 Test: boot Taimen, verify denials no longer occur. Change-Id: Id4b311fd423342c8d6399c3b724417aff9d1cd88

system_server: grant read access to vendor/framework
avc: denied { getattr } for path="/vendor/framework" scontext=u:r:system_server:s0 tcontext=u:object_r:vendor_framework_file:s0 tclass=dir Bug: 68826235 Test: boot Taimen, verify denials no longer occur. Change-Id: Id4b311fd423342c8d6399c3b724417aff9d1cd88
9e33565c · Jeff Vander Stoep · Jeffrey Vander Stoep · e32d9406 · 9e33565c · 9e33565c
Commit 9e33565c authored 7 years ago by Jeff Vander Stoep Committed by Jeffrey Vander Stoep 7 years ago
--- a/private/bug_map
+++ b/private/bug_map
@@ -7,7 +7,6 @@ priv_app sysfs dir 72749888
 priv_app sysfs_android_usb file 72749888
 priv_app system_data_file dir 72811052
 system_server crash_dump process 73128755
-system_server vendor_framework_file dir 68826235
 untrusted_app_25 system_data_file dir 72550646
 untrusted_app_27 system_data_file dir 72550646
 usbd usbd capability 72472544

--- a/private/system_server.te
+++ b/private/system_server.te
@@ -335,10 +335,9 @@ allow system_server apk_data_file:{ file lnk_file } { create_file_perms link };
 allow system_server apk_tmp_file:dir create_dir_perms;
 allow system_server apk_tmp_file:file create_file_perms;

-# Access /vendor/app
+# Access /vendor/{app,framework,overlay}
 r_dir_file(system_server, vendor_app_file)
-
-# Access /vendor/app
+r_dir_file(system_server, vendor_framework_file)
 r_dir_file(system_server, vendor_overlay_file)

 # Manage /data/app-private.