From e4c966648ef0642bbd7d6cb8041c38fcb4e963e3 Mon Sep 17 00:00:00 2001
From: Daniel Rosenberg <drosen@google.com>
Date: Mon, 3 Feb 2020 17:57:03 -0800
Subject: [PATCH] Allow setattr for chattr

Bug: 138322712
Test: No denial for chattr on boot
Change-Id: I9fdfc8ff4d3d0b2743ca572f4c3e64477f97cd84
---
 public/toolbox.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/public/toolbox.te b/public/toolbox.te
index 1dd06f9f8..4c2cc3eab 100644
--- a/public/toolbox.te
+++ b/public/toolbox.te
@@ -29,7 +29,7 @@ allow toolbox system_data_file:dir { rmdir rw_dir_perms };
 allow toolbox system_data_file:file { getattr unlink };
 
 # chattr +F and chattr +P /data/media in init
-allow toolbox media_rw_data_file:dir { r_dir_perms };
+allow toolbox media_rw_data_file:dir { r_dir_perms setattr };
 allowxperm toolbox media_rw_data_file:dir ioctl {
   FS_IOC_FSGETXATTR
   FS_IOC_FSSETXATTR