From a9d70d7ba8eff3ef5dc19d972a0f3780b5a774f0 Mon Sep 17 00:00:00 2001
From: David Drysdale <drysdale@google.com>
Date: Mon, 19 Feb 2024 17:44:08 +0000
Subject: [PATCH] Allow virtualizationservice to check parent dir

Needed for SQLite database creation

Test: boot Cuttlefish, printf debugging
Bug: 294177871
Change-Id: I9ec2a8956c501ddea9514ea07a7c89d09b027dd3
---
 private/virtualizationservice.te | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/private/virtualizationservice.te b/private/virtualizationservice.te
index fcc730464..0a9ff8ba6 100644
--- a/private/virtualizationservice.te
+++ b/private/virtualizationservice.te
@@ -59,8 +59,9 @@ allow virtualizationservice adbd:unix_stream_socket { read write };
 virtualizationservice_use(virtualizationservice)
 
 # Allow virtualizationservice to read and write in the apex data directory
-# /data/misc/apexdata/com.android.virt
-allow virtualizationservice apex_module_data_file:dir search;
+# /data/misc/apexdata/com.android.virt. Also allow checking of the parent directory
+# (needed for SQLite database creation).
+allow virtualizationservice apex_module_data_file:dir { search getattr };
 allow virtualizationservice apex_virt_data_file:dir create_dir_perms;
 allow virtualizationservice apex_virt_data_file:file create_file_perms;