Add rules for calling ReadDefaultFstab()

Grant fstab access rights to these domains.

Bug: 181110285
Test: Presubmit boot health test
Change-Id: I6ea4a9e749eca774925e4f664a423d2d51ad0e55
Merged-In: I6ea4a9e749eca774925e4f664a423d2d51ad0e55
(cherry picked from commit dbc53ae057a8b2e15c5239f6f5acee0a64321f14)

3 files changed, 8 insertions, 0 deletions

diff --git a/non_plat/fuelgauged_nvram.te b/non_plat/fuelgauged_nvram.te
index 3b59440..1794aba 100644
--- a/non_plat/fuelgauged_nvram.te
+++ b/non_plat/fuelgauged_nvram.te
@@ -64,3 +64,6 @@ r_dir_file(fuelgauged_nvram, sysfs_batteryinfo)
 allow fuelgauged_nvram mnt_vendor_file:dir search;
 
 allow fuelgauged_nvram sysfs_boot_mode:file { open read };
+
+# Allow ReadDefaultFstab().
+read_fstab(fuelgauged_nvram)
diff --git a/non_plat/mtk_hal_camera.te b/non_plat/mtk_hal_camera.te
index 4173b0a..3f98d04 100644
--- a/non_plat/mtk_hal_camera.te
+++ b/non_plat/mtk_hal_camera.te
@@ -378,3 +378,6 @@ allowxperm mtk_hal_camera mtk_hal_camera:unix_stream_socket ioctl IIOCNETAIF;
 allow mtk_hal_camera sysfs:file rw_file_perms;
 allow mtk_hal_camera system_server:binder call;
 allow mtk_hal_camera Vcodec_device:chr_file rw_file_perms;
+
+# Allow ReadDefaultFstab().
+read_fstab(mtk_hal_camera)
diff --git a/non_plat/nvram_daemon.te b/non_plat/nvram_daemon.te
index e8c108e..a7128c4 100644
--- a/non_plat/nvram_daemon.te
+++ b/non_plat/nvram_daemon.te
@@ -84,3 +84,5 @@ allow nvram_daemon self:capability { fowner chown fsetid };
 
 allow nvram_daemon sysfs_boot_mode:file r_file_perms;
 
+# Allow ReadDefaultFstab().
+read_fstab(nvram_daemon)