recovery: allow read access to fuse filesystem

adb sideload depends on the ability to access the fuse directory. Flipping recovery into enforcing started triggering the following denial: type=1400 audit(17964905.699:7): avc: denied { search } for pid=132 comm="recovery" name="/" dev="fuse" ino=1 scontext=u:r:recovery:s0 tcontext=u:object_r:sdcard_internal:s0 tclass=dir Change-Id: I27ee0295fa2e2d0449bfab4f95bfbc076e92cf59

recovery: allow read access to fuse filesystem
adb sideload depends on the ability to access the fuse directory. Flipping recovery into enforcing started triggering the following denial: type=1400 audit(17964905.699:7): avc: denied { search } for pid=132 comm="recovery" name="/" dev="fuse" ino=1 scontext=u:r:recovery:s0 tcontext=u:object_r:sdcard_internal:s0 tclass=dir Change-Id: I27ee0295fa2e2d0449bfab4f95bfbc076e92cf59
e9d97b74 · Nick Kralevich · 9f6af083 · e9d97b74
Commit e9d97b74 authored 10 years ago by Nick Kralevich
--- a/recovery.te
+++ b/recovery.te
@@ -92,6 +92,7 @@ recovery_only(`
  # "sdcard_internal"; the simulated SD card is the only other user of
  # fuse.)
  allow recovery fuse_device:chr_file rw_file_perms;
+  allow recovery sdcard_internal:dir r_dir_perms;
  allow recovery sdcard_internal:file r_file_perms;
  wakelock_use(recovery)