From 3af8c9d0ef0e4385f69a1a50dd04a010a76c6b19 Mon Sep 17 00:00:00 2001
From: Fyodor Kupolov <fkupolov@google.com>
Date: Mon, 6 Apr 2015 19:26:33 -0700
Subject: [PATCH] Allow system_server to read oat dir

Required for PackageManagerService to perform restorecon recursively on a
staging dir.

Addresses the following denial:
avc: denied { open } for name="oat" dev="mmcblk0p28" ino=163027 scontext=u:r:system_server:s0 tcontext=u:object_r:dalvikcache_data_file:s0 tclass=dir

Bug: 19550105
Bug: 20087446
Change-Id: I0f6ebb79745091ecb4d6d3dbe92f65606b7469da
---
 system_server.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/system_server.te b/system_server.te
index 38658d4b3..4480684a2 100644
--- a/system_server.te
+++ b/system_server.te
@@ -14,6 +14,7 @@ allow system_server system_server_tmpfs:file execute;
 
 # For art.
 allow system_server dalvikcache_data_file:file execute;
+allow system_server dalvikcache_data_file:dir r_dir_perms;
 
 # /data/resource-cache
 allow system_server resourcecache_data_file:file r_file_perms;