Allow update_engine to read postinstall_mnt_dir am: 8f68705349 am: 0bcb20306e

am: b197b7c8ca Change-Id: I77d33dec14641856fba474c16b7b98815313a049
2017-07-18 18:56:06 +00:00 · 2017-07-18 18:56:06 +00:00 · 0b2209bfe0
commit 0b2209bfe0
parent 61b0d710a9 b197b7c8ca
1 changed files with 1 additions and 1 deletions
--- a/public/update_engine_common.te
+++ b/public/update_engine_common.te
@ -19,7 +19,7 @@ allow update_engine_common rootfs:file r_file_perms;

 # Allow update_engine_common to mount on the /postinstall directory and reset the
 # labels on the mounted filesystem to postinstall_file.
-allow update_engine_common postinstall_mnt_dir:dir mounton;
+allow update_engine_common postinstall_mnt_dir:dir { mounton getattr search };
 allow update_engine_common postinstall_file:filesystem { mount unmount relabelfrom relabelto };
 allow update_engine_common labeledfs:filesystem relabelfrom;