From 0fb0ab4107feb88e5ebcc9019e55413f926a753e Mon Sep 17 00:00:00 2001
From: dcashman <dcashman@google.com>
Date: Tue, 12 Jan 2016 16:16:27 -0800
Subject: [PATCH] Allow adbd to pull sepolicy from device.

Address the following denial when running CTS:
avc: denied { search } for comm=73657276696365203136 name="/" dev="selinuxfs" ino=1 scontext=u:r:adbd:s0 tcontext=u:object_r:selinuxfs:s0 tclass=dir permissive=0

Bug: 26290097
Change-Id: Icf51061a65a5fda15f7e7ef78200a62ffbd1ca9b
---
 adbd.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/adbd.te b/adbd.te
index 92e7c21e5..3807c587d 100644
--- a/adbd.te
+++ b/adbd.te
@@ -86,6 +86,9 @@ allow adbd appdomain:unix_stream_socket connectto;
 allow adbd zygote_exec:file r_file_perms;
 allow adbd system_file:file r_file_perms;
 
+# Allow pulling the SELinux policy for CTS purposes
+allow adbd selinuxfs:dir r_dir_perms;
+allow adbd selinuxfs:file r_file_perms;
 allow adbd kernel:security read_policy;
 
 allow adbd surfaceflinger_service:service_manager find;