global_macros: Allow directory locking

See https://groups.google.com/d/msg/android-ndk/BbEOA9pnR-I/HgLkGy5qAgAJ

Addresses the following denial:

  avc: denied { lock } for path="/data/data/com.mypackage/files/somefilename" dev="mmcblk0p28" ino=114736 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=dir permissive=0

While I'm here, also add lock to w_file_perms.

(cherrypicked from commit 4ee494cce1670e6883fb56cea96aa6bab10a4523)

Change-Id: I2568a228099c4e112e4a8b80da3bfcf2e35eb0ea

1 files changed, 3 insertions, 3 deletions

diff --git a/global_macros b/global_macros
index e840d56..0534e46 100644
--- a/global_macros
+++ b/global_macros
@@ -20,15 +20,15 @@ define(`ipc_class_set', `{ sem msgq shm ipc }')
 #
 define(`x_file_perms', `{ getattr execute execute_no_trans }')
 define(`r_file_perms', `{ getattr open read ioctl lock }')
-define(`w_file_perms', `{ open append write }')
+define(`w_file_perms', `{ open append write lock }')
 define(`rx_file_perms', `{ r_file_perms x_file_perms }')
 define(`ra_file_perms', `{ r_file_perms append }')
 define(`rw_file_perms', `{ r_file_perms w_file_perms }')
 define(`rwx_file_perms', `{ rw_file_perms x_file_perms }')
 define(`create_file_perms', `{ create rename setattr unlink rw_file_perms }')
 
-define(`r_dir_perms', `{ open getattr read search ioctl }')
-define(`w_dir_perms', `{ open search write add_name remove_name }')
+define(`r_dir_perms', `{ open getattr read search ioctl lock }')
+define(`w_dir_perms', `{ open search write add_name remove_name lock }')
 define(`ra_dir_perms', `{ r_dir_perms add_name write }')
 define(`rw_dir_perms', `{ r_dir_perms w_dir_perms }')
 define(`create_dir_perms', `{ create reparent rename rmdir setattr rw_dir_perms }')