From a26763ecb6ea7dfb9d8fe2a76a4660896a7b2ef5 Mon Sep 17 00:00:00 2001
From: Zheng Zhang <zhzh@google.com>
Date: Thu, 18 Oct 2018 11:09:19 +0800
Subject: [PATCH] Allow mediaserver domain have getatrr perm on vendor_app_file

When running some apps in vendor partition, it report denials like:

avc: denied { getattr } for comm="Binder:901_2" path="/vendor/operator/app/Wechat/Wechat.apk" dev="sde14" ino=1707 scontext=u:r:mediaserver:s0 tcontext=u:object_r:vendor_app_file:s0 tclass=file permissive=0
---
 public/mediaserver.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/public/mediaserver.te b/public/mediaserver.te
index 6a7b0c7a4..540c039ef 100644
--- a/public/mediaserver.te
+++ b/public/mediaserver.te
@@ -92,7 +92,7 @@ allow mediaserver oemfs:dir search;
 allow mediaserver oemfs:file r_file_perms;
 
 # /vendor apk access
-allow mediaserver vendor_app_file:file { read map };
+allow mediaserver vendor_app_file:file { read map getattr };
 
 use_drmservice(mediaserver)
 allow mediaserver drmserver:drmservice {
-- 
GitLab