From d8612deee80b6359010369844a4021f3322e32e8 Mon Sep 17 00:00:00 2001
From: Inseob Kim <inseob@google.com>
Date: Tue, 19 Jun 2018 10:34:15 +0900
Subject: [PATCH] Suppress denial for ueventd to getattr

From now on, linker will resolve dir.${section} paths of ld.config.txt.
This is added to suppress SELinux denial during resolving /postinstall.

Bug: http://b/80422611
Test: on taimen m -j, logcat | grep denied, atest on bionic/linker/tests
Change-Id: I12c2bb76d71ae84055b5026933dcaa6ef2808590
---
 public/ueventd.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/public/ueventd.te b/public/ueventd.te
index 0cac32d48..ea7316659 100644
--- a/public/ueventd.te
+++ b/public/ueventd.te
@@ -45,6 +45,10 @@ recovery_only(`
   allow ueventd rootfs:file { r_file_perms execute };
 ')
 
+# Suppress denials for ueventd to getattr /postinstall. This occurs when the
+# linker tries to resolve paths in ld.config.txt.
+dontaudit ueventd postinstall_mnt_dir:dir getattr;
+
 #####
 ##### neverallow rules
 #####