From b34ede070da0360637b8562b78cd010b1c81ab94 Mon Sep 17 00:00:00 2001
From: Yifan Hong
Date: Mon, 2 Mar 2020 18:19:15 -0800
Subject: [PATCH] Allow update_engine to search metadata_file:dir.
This is previously needed by snapshotctl to initiate the merge, but now update_engine is responsible for initiating the merge.
Bug: 147696014
Test: no selinux denial on boot.
Change-Id: I7804af1354d95683f4d05fc5593d78602aefe5a7
---
 public/update_engine_common.te | 1 +
 1 file changed, 1 insertion(+)
diff --git a/public/update_engine_common.te b/public/update_engine_common.te
index 806944f8d..57d8e7e3a 100644
--- a/public/update_engine_common.te
+++ b/public/update_engine_common.te
@@ -81,5 +81,6 @@ unix_socket_send(update_engine_common, statsdw, statsd)
 get_prop(update_engine_common, virtual_ab_prop)
 # Allow to read/write/create OTA metadata files for snapshot status and COW file status.
+allow update_engine_common metadata_file:dir search;
 allow update_engine_common ota_metadata_file:dir rw_dir_perms;
 allow update_engine_common ota_metadata_file:file create_file_perms;
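Review bot: The added `allow update_engine_common metadata_file:dir search;` sits under a comment that only mentions OTA metadata files, so nothing in the policy explains why the broader `metadata_file` type is touched. A line of its own such as `# Allow traversing the parent metadata directory to reach the OTA metadata files (search only, no read/write).` would record that the grant is deliberately limited to path lookup. The rule is written against `update_engine_common`, so it presumably applies to every domain that carries that attribute, not just update_engine; confirm that is intended. The description says snapshotctl needed this access before update_engine took over initiating the merge, and this patch touches only this one file, so whether snapshotctl's own `metadata_file:dir search` grant can now be dropped is worth confirming in a companion change to keep the policy least-privilege.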