installd restorecon now requires getattr.

avc: denied { getattr } for path="/mnt/expand" dev="tmpfs" ino=3146 scontext=u:r:installd:s0 tcontext=u:object_r:mnt_expand_file:s0 tclass=dir permissive=0 Bug: 21856349 Change-Id: Ib9984182a71408d5cb803d453f148856b68569e3
2015-06-15 22:18:32 -07:00 · 2015-06-15 22:18:32 -07:00 · f8fd5ab2e0
commit f8fd5ab2e0
parent df54526569
1 changed files with 1 additions and 1 deletions
--- a/installd.te
+++ b/installd.te
@ -22,7 +22,7 @@ allow installd oemfs:dir r_dir_perms;
 allow installd oemfs:file r_file_perms;
 allow installd system_file:file x_file_perms;
 allow installd cgroup:dir create_dir_perms;
-allow installd mnt_expand_file:dir search;
+allow installd mnt_expand_file:dir { search getattr };
 # Check validity of SELinux context before use.
 selinux_check_context(installd)
 # Read /seapp_contexts and /data/security/seapp_contexts