Allow adbd to read file_contexts

Denials for this can cause local test failures.

The access is harmless, and is allowed in the host, so we also allow
it in the guest. And adbd does have a legitimate use for the access.

Bug: 328753027
Test: atest MicrodroidHostTests
      Run repeatedly on my test device
Change-Id: Ic2e991122527ae9a22babb417ad90f2ceb8d15fc
Alan Stokes 2024-03-08 16:47:06 +00:00
parent 489766292a
commit 55ae799b21

@ -54,6 +54,9 @@ allow adbd selinuxfs:dir r_dir_perms;
allow adbd selinuxfs:file r_file_perms;
allow adbd kernel:security read_policy;
# adbd may try to restorecon files (see b/328753027)
allow adbd file_contexts_file:file r_file_perms;
# adbd tries to run mdnsd, but mdnsd doesn't exist. Just dontaudit ctl permissions.
# TODO(b/200902288): patch adb and remove this rule
dontaudit adbd { ctl_default_prop ctl_start_prop }:property_service set;
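
Review bot: The comment above the new `allow adbd file_contexts_file:file r_file_perms;` rule says only that adbd "may try to restorecon files", which does not tell a later reader why read access to file_contexts is the permission needed, or that the host policy already grants the same access, as the commit message states. Consider putting that rationale in the comment itself, for example "# adbd reads file_contexts when it restorecons files; host policy allows the same (b/328753027)", so that an audit of the guest policy does not depend on finding this commit. It is also worth confirming that the denials seen in the test runs were all against `file_contexts_file:file`, since this hunk adds no other rule for the restorecon path.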