system_server: read symlinks in /cache

type=1400 audit(0.0:6): avc: denied { read } for comm="Thread-5" name="cache" dev="dm-0" ino=13 scontext=u:r:system_server:s0 tcontext=u:object_r:cache_file:s0 tclass=lnk_file permissive=0 Bug: 64067152 Test: build Change-Id: Ie90c0343a834aa87b7ded41f503e05d9b63b3244
2017-07-26 09:54:36 -07:00 · 2017-07-26 09:54:36 -07:00 · a4cada7439
commit a4cada7439
parent 21b4a92590
1 changed files with 1 additions and 0 deletions
--- a/private/system_server.te
+++ b/private/system_server.te
@ -455,6 +455,7 @@ set_prop(system_server, firstboot_prop)
 allow system_server system_ndebug_socket:sock_file create_file_perms;

 # Manage cache files.
+allow system_server cache_file:lnk_file r_file_perms;
 allow system_server { cache_file cache_recovery_file }:dir { relabelfrom create_dir_perms };
 allow system_server { cache_file cache_recovery_file }:file { relabelfrom create_file_perms };
 allow system_server { cache_file cache_recovery_file }:fifo_file create_file_perms;