From bafa38e0cec4cc32cf135b342874c14136ab3f29 Mon Sep 17 00:00:00 2001
From: Steven Moreland <smoreland@google.com>
Date: Tue, 24 Jan 2017 12:29:50 -0800
Subject: [PATCH] update_verifier: read dir perms

Allow update_verifier to load the boot_control_hal in passthrough mode.

Test: update_verifier works, no denials
Bug: 34656553
Change-Id: I5c20ce67c8f1fd195f2429dae497221514ed95a8
---
 public/update_verifier.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/public/update_verifier.te b/public/update_verifier.te
index abbc7663d..5ee525839 100644
--- a/public/update_verifier.te
+++ b/public/update_verifier.te
@@ -3,6 +3,9 @@
 type update_verifier, domain, boot_control_hal;
 type update_verifier_exec, exec_type, file_type;
 
+# find the boot_control_hal
+allow update_verifier system_file:dir r_dir_perms;
+
 # Allow update_verifier to reach block devices in /dev/block.
 allow update_verifier block_device:dir search;
 
-- 
GitLab