From 9e33565cf06e458a831298bf9bd762a3c8665714 Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Wed, 28 Feb 2018 08:19:48 -0800
Subject: [PATCH] system_server: grant read access to vendor/framework

avc: denied { getattr } for path="/vendor/framework"
scontext=u:r:system_server:s0 tcontext=u:object_r:vendor_framework_file:s0
tclass=dir

Bug: 68826235
Test: boot Taimen, verify denials no longer occur.
Change-Id: Id4b311fd423342c8d6399c3b724417aff9d1cd88
---
 private/bug_map          | 1 -
 private/system_server.te | 5 ++---
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/private/bug_map b/private/bug_map
index ee9abee1e..1ff1ffeb4 100644
--- a/private/bug_map
+++ b/private/bug_map
@@ -7,7 +7,6 @@ priv_app sysfs dir 72749888
 priv_app sysfs_android_usb file 72749888
 priv_app system_data_file dir 72811052
 system_server crash_dump process 73128755
-system_server vendor_framework_file dir 68826235
 untrusted_app_25 system_data_file dir 72550646
 untrusted_app_27 system_data_file dir 72550646
 usbd usbd capability 72472544
diff --git a/private/system_server.te b/private/system_server.te
index a52c5c737..de2e3fea3 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -335,10 +335,9 @@ allow system_server apk_data_file:{ file lnk_file } { create_file_perms link };
 allow system_server apk_tmp_file:dir create_dir_perms;
 allow system_server apk_tmp_file:file create_file_perms;
 
-# Access /vendor/app
+# Access /vendor/{app,framework,overlay}
 r_dir_file(system_server, vendor_app_file)
-
-# Access /vendor/app
+r_dir_file(system_server, vendor_framework_file)
 r_dir_file(system_server, vendor_overlay_file)
 
 # Manage /data/app-private.
-- 
GitLab