Allow update_engine to search metadata_file:dir.

This is previously needed by snapshotctl to initiate the merge, but now update_engine is responsible for initiating the merge. Bug: 147696014 Test: no selinux denial on boot. Change-Id: I7804af1354d95683f4d05fc5593d78602aefe5a7
2020-03-02 18:19:15 -08:00 · 2020-03-02 18:19:15 -08:00 · b34ede070d
commit b34ede070d
parent b8c108e15f
1 changed files with 1 additions and 0 deletions
--- a/public/update_engine_common.te
+++ b/public/update_engine_common.te
@ -81,5 +81,6 @@ unix_socket_send(update_engine_common, statsdw, statsd)
 get_prop(update_engine_common, virtual_ab_prop)

 # Allow to read/write/create OTA metadata files for snapshot status and COW file status.
+allow update_engine_common metadata_file:dir search;
 allow update_engine_common ota_metadata_file:dir rw_dir_perms;
 allow update_engine_common ota_metadata_file:file create_file_perms;