PL2: Allow vendor_init to search required dir for restorecon

[   77.883264] type=1400 audit(1602012220.709:14): avc: denied { search } for comm="init" name="fpdata" dev="mmcblk0p85" ino=770055 scontext=u:r:vendor_init:s0 tcontext=u:object_r:fingerprintd_data_file:s0 tclass=dir permissive=0 duplicate messages suppressed

Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com>
Change-Id: I2d85df038c9502d220299a5d35c31346c6424fd7
Aayush Gupta
2020-10-08 08:31:52 +00:00
parent 635f471c26
commit e70827a1ea

@@ -3,6 +3,7 @@ allow vendor_init rootfs:dir r_dir_perms;
# [NEVERALLOW]: Allow vendor_init to change SELinux labels { setattr relabelfrom }
# [NEVERALLOW]: Allow vendor_init to access system_data_file
allow vendor_init { system_data_file fingerprintd_data_file wallpaper_file icon_file }:{ dir file } { read open getattr setattr relabelfrom relabelto };
allow vendor_init { system_data_file fingerprintd_data_file wallpaper_file icon_file }:{ dir } { search };
# [NEVERALLOW]: Allow vendor_init to execute vendor_toolbox_exec { execute_no_trans }
allow vendor_init vendor_toolbox_exec:file { execute_no_trans entrypoint };
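
Review bot: The `{ search }` rule that follows the `relabelfrom relabelto` allow grants directory search on four types (system_data_file, fingerprintd_data_file, wallpaper_file, icon_file), while the denial quoted in the commit message covers only tcontext fingerprintd_data_file with tclass=dir. Suggest narrowing it to `allow vendor_init fingerprintd_data_file:dir search;`, or listing in the commit message the denials that justify the other three types. The neighbouring rules each carry a `# [NEVERALLOW]` comment and this one has none; since its type set includes system_data_file, which the comment above marks as neverallow-restricted, a matching comment would make that visible. Minor style point: the braces around the single class `dir` and the single permission `search` are not needed.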