servicemanager: allow to read VINTF files in recovery.

Test: manual Bug: 206888109 Change-Id: I2b7f0f33c27beb0d4401d1d697fdc58e7c62986f
2021-12-07 14:31:04 -08:00 · 2021-12-07 14:31:04 -08:00 · 259491ba0b
commit 259491ba0b
parent d725f8acaf
1 changed files with 4 additions and 1 deletions
--- a/public/servicemanager.te
+++ b/public/servicemanager.te
@ -31,7 +31,10 @@ allow servicemanager dumpstate:fifo_file write;
 # Check SELinux permissions.
 selinux_check_access(servicemanager)

-# In recovery, log to kmsg.
 recovery_only(`
+  # In recovery, log to kmsg.
  allow servicemanager kmsg_device:chr_file rw_file_perms;
+
+  # Read VINTF files.
+  r_dir_file(servicemanager, rootfs)
 ')