From 226be8fd93ea7ef4510d06a85d6d11e92a99a36d Mon Sep 17 00:00:00 2001
From: Enzo Liao <enzoliao@google.com>
Date: Wed, 15 Mar 2023 19:17:28 +0800
Subject: SSRestarDetector: modify the SELinux policy to allow access files
 owned by system.

It needs to access a file pushed by hosts of test suites (details: http://go/pd-client-for-lab#heading=h.wtp07hbqvwgx)
This CL is used to pass DeviceBootTest.DeviceBootTest#SELinuxUncheckedDenialBootTest.

Bug: 234359369
Bug: 273662631
Design: http://go/pd-client-for-lab
Test: manual
Ignore-AOSP-First: only for google devices.
Change-Id: I30c70f8510464d47a840d60f8d7ccd55b443d665
---
 vendor/google/ssr_detector.te | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/vendor/google/ssr_detector.te b/vendor/google/ssr_detector.te
index 039eadc..3a44e9a 100644
--- a/vendor/google/ssr_detector.te
+++ b/vendor/google/ssr_detector.te
@@ -16,7 +16,8 @@ get_prop(ssr_detector_app, vendor_wifi_version)
 get_prop(ssr_detector_app, vendor_adsp_version_prop)
 
 # ssr_detector app's data type is system_app_data_file.
-allow ssr_detector_app system_app_data_file:dir { getattr search };
+allow ssr_detector_app system_app_data_file:dir create_dir_perms;
+allow ssr_detector_app system_app_data_file:file create_file_perms;
 
 allow ssr_detector_app cgroup:file w_file_perms;
 
-- 
cgit v1.2.3