Give vold setattr/getattr permissions to foreign dex files domain.

Vold needs to be able to query if the directory exists and eventually to fix permissions and the owner. Typical error: W vold : type=1400 audit(0.0:485): avc: denied { getattr } for path="/data/misc/profiles/cur/11/foreign-dex" dev="dm-2" ino=343857 scontext=u:r:vold:s0 tcontext=u:object_r:user_profile_foreign_dex_data_file:s0 tclass=dir permissive=0 Bug: 27517932 Change-Id: Iff10c864634baa97cc814916ee7495b262e0c7eb

Give vold setattr/getattr permissions to foreign dex files domain.
Vold needs to be able to query if the directory exists and eventually to fix permissions and the owner. Typical error: W vold : type=1400 audit(0.0:485): avc: denied { getattr } for path="/data/misc/profiles/cur/11/foreign-dex" dev="dm-2" ino=343857 scontext=u:r:vold:s0 tcontext=u:object_r:user_profile_foreign_dex_data_file:s0 tclass=dir permissive=0 Bug: 27517932 Change-Id: Iff10c864634baa97cc814916ee7495b262e0c7eb
cfb36df7 · Calin Juravle · 6e4bcbe6 · cfb36df7
Commit cfb36df7 authored 9 years ago by Calin Juravle
--- a/vold.te
+++ b/vold.te
@@ -187,6 +187,7 @@ allow vold toolbox_exec:file rx_file_perms;

 # Prepare profile dir for users.
 allow vold user_profile_data_file:dir create_dir_perms;
+allow vold user_profile_foreign_dex_data_file:dir { getattr setattr };

 neverallow { domain -vold } vold_data_file:dir ~{ open create read getattr setattr search relabelto ioctl };
 neverallow { domain -vold } vold_data_file:notdevfile_class_set ~{ relabelto getattr };