SSRestarDetector: modify the SELinux policy to allow access files owned by system for Sunfish.android-13.0.0_r82android-13.0.0_r81android-13.0.0_r80android-13.0.0_r74android-13.0.0_r73android-13.0.0_r72android-13.0.0_r66android-13.0.0_r65android-13.0.0_r64android-13.0.0_r60android-13.0.0_r59android-13.0.0_r58android13-qpr3-c-s8-releaseandroid13-qpr3-c-s7-releaseandroid13-qpr3-c-s6-releaseandroid13-qpr3-c-s5-releaseandroid13-qpr3-c-s4-releaseandroid13-qpr3-c-s3-releaseandroid13-qpr3-c-s2-releaseandroid13-qpr3-c-s12-releaseandroid13-qpr3-c-s11-releaseandroid13-qpr3-c-s10-releaseandroid13-qpr3-c-s1-release

It needs to access a file pushed by hosts of test suites (details: http://go/pd-client-for-lab#heading=h.wtp07hbqvwgx)
This CL is used to pass DeviceBootTest.DeviceBootTest#SELinuxUncheckedDenialBootTest.

Bug: 234359369
Bug: 273662631
Design: http://go/pd-client-for-lab
Test: manual
Ignore-AOSP-First: only for google devices.
Change-Id: I670191f20c741d807def4fad25fde92ee54f331a

1 files changed, 2 insertions, 1 deletions

diff --git a/vendor/google/ssr_detector.te b/vendor/google/ssr_detector.te
index 49f1754..8a0bbe3 100644
--- a/vendor/google/ssr_detector.te
+++ b/vendor/google/ssr_detector.te
@@ -15,7 +15,8 @@ get_prop(ssr_detector_app, vendor_wifi_version)
 get_prop(ssr_detector_app, public_vendor_system_prop)
 
 # ssr_detector app's data type is system_app_data_file.
-allow ssr_detector_app system_app_data_file:dir { getattr search };
+allow ssr_detector_app system_app_data_file:dir create_dir_perms;
+allow ssr_detector_app system_app_data_file:file create_file_perms;
 
 allow ssr_detector_app cgroup:file w_file_perms;