From cfb36df7c7262206848436995e2c3e576ae362af Mon Sep 17 00:00:00 2001
From: Calin Juravle <calin@google.com>
Date: Mon, 7 Mar 2016 23:12:58 +0000
Subject: [PATCH] Give vold setattr/getattr permissions to foreign dex files
 domain.

Vold needs to be able to query if the directory exists and
eventually to fix permissions and the owner.

Typical error:
W vold    : type=1400 audit(0.0:485): avc: denied { getattr }
for path="/data/misc/profiles/cur/11/foreign-dex" dev="dm-2"
ino=343857 scontext=u:r:vold:s0
tcontext=u:object_r:user_profile_foreign_dex_data_file:s0 tclass=dir
permissive=0


Bug: 27517932
Change-Id: Iff10c864634baa97cc814916ee7495b262e0c7eb
---
 vold.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/vold.te b/vold.te
index fb3673c00..566356223 100644
--- a/vold.te
+++ b/vold.te
@@ -187,6 +187,7 @@ allow vold toolbox_exec:file rx_file_perms;
 
 # Prepare profile dir for users.
 allow vold user_profile_data_file:dir create_dir_perms;
+allow vold user_profile_foreign_dex_data_file:dir { getattr setattr };
 
 neverallow { domain -vold } vold_data_file:dir ~{ open create read getattr setattr search relabelto ioctl };
 neverallow { domain -vold } vold_data_file:notdevfile_class_set ~{ relabelto getattr };
-- 
GitLab