Sepolicy: Fix new access from the linker for postinstall

The linker now requires getattr rights for the filesystem. Otherwise linking otapreopt and patchoat/dex2oat will fail. Bug: 37776530 Test: m Test: manual OTA Change-Id: I1351fbfa101beca4ba80f84b0dd9dbcabe2c9d39

Sepolicy: Fix new access from the linker for postinstall
The linker now requires getattr rights for the filesystem. Otherwise linking otapreopt and patchoat/dex2oat will fail. Bug: 37776530 Test: m Test: manual OTA Change-Id: I1351fbfa101beca4ba80f84b0dd9dbcabe2c9d39
bddd1893 · Andreas Gampe · 89671020 · bddd1893 · bddd1893
Commit bddd1893 authored 7 years ago by Andreas Gampe
--- a/public/dex2oat.te
+++ b/public/dex2oat.te
@@ -43,6 +43,7 @@ allow dex2oat app_data_file:file { getattr read write lock };
 allow dex2oat postinstall_dexopt:fd use;

 allow dex2oat postinstall_file:dir { getattr search };
+allow dex2oat postinstall_file:filesystem getattr;
 allow dex2oat postinstall_file:lnk_file read;

 # Allow dex2oat access to files in /data/ota.

--- a/public/postinstall_dexopt.te
+++ b/public/postinstall_dexopt.te
@@ -7,6 +7,7 @@ type postinstall_dexopt, domain;

 allow postinstall_dexopt self:capability { chown dac_override fowner setgid setuid };

+allow postinstall_dexopt postinstall_file:filesystem getattr;
 allow postinstall_dexopt postinstall_file:dir { getattr search };
 allow postinstall_dexopt postinstall_file:lnk_file read;
 allow postinstall_dexopt proc:file { getattr open read };