From bddd18939468568ec33b3179e11447e3aed642cf Mon Sep 17 00:00:00 2001
From: Andreas Gampe <agampe@google.com>
Date: Fri, 28 Apr 2017 17:25:19 -0700
Subject: [PATCH] Sepolicy: Fix new access from the linker for postinstall

The linker now requires getattr rights for the filesystem. Otherwise
linking otapreopt and patchoat/dex2oat will fail.

Bug: 37776530
Test: m
Test: manual OTA
Change-Id: I1351fbfa101beca4ba80f84b0dd9dbcabe2c9d39
---
 public/dex2oat.te            | 1 +
 public/postinstall_dexopt.te | 1 +
 2 files changed, 2 insertions(+)

diff --git a/public/dex2oat.te b/public/dex2oat.te
index 4551e589c..cc8111fdc 100644
--- a/public/dex2oat.te
+++ b/public/dex2oat.te
@@ -43,6 +43,7 @@ allow dex2oat app_data_file:file { getattr read write lock };
 allow dex2oat postinstall_dexopt:fd use;
 
 allow dex2oat postinstall_file:dir { getattr search };
+allow dex2oat postinstall_file:filesystem getattr;
 allow dex2oat postinstall_file:lnk_file read;
 
 # Allow dex2oat access to files in /data/ota.
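Review bot: The added `allow dex2oat postinstall_file:filesystem getattr;` has no comment, so the reason for the grant lives only in the commit message, and a later least-privilege audit of dex2oat.te cannot tell that it exists for the dynamic linker rather than for dex2oat's own work. I would put `# The linker needs getattr on the postinstall filesystem to load binaries from it.` directly above the rule. The same applies to the matching rule added in public/postinstall_dexopt.te; there the new line sits before the `dir` rule rather than after it as here, and using the same order in both files would make the two blocks easier to compare. The commit message also names patchoat, but no separate rule for it is visible in this patch. Presumably it runs under the dex2oat domain, which is worth confirming against the file contexts.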
diff --git a/public/postinstall_dexopt.te b/public/postinstall_dexopt.te
index b66c9274b..0ce617b81 100644
--- a/public/postinstall_dexopt.te
+++ b/public/postinstall_dexopt.te
@@ -7,6 +7,7 @@ type postinstall_dexopt, domain;
 
 allow postinstall_dexopt self:capability { chown dac_override fowner setgid setuid };
 
+allow postinstall_dexopt postinstall_file:filesystem getattr;
 allow postinstall_dexopt postinstall_file:dir { getattr search };
 allow postinstall_dexopt postinstall_file:lnk_file read;
 allow postinstall_dexopt proc:file { getattr open read };
-- 
GitLab