Allow virtualizationservice to check parent dir am: a9d70d7ba8 am: bd6d03f58b Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2967573 Change-Id: Ia16c535554a6cf4de48111a83d70cc9da9b31d28 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

commit: 5cb43ddfcf3161567a533670cf70e0de0dd84de5 [log] [tgz]
author: David Drysdale <drysdale@google.com> Wed Feb 21 12:19:20 2024 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Wed Feb 21 12:19:20 2024 +0000
tree: bde6873529e2710a392ea0ae056eb2010d8a4885
parent: 4aa156fa1a528e148cf7882dc9504563f9e1ff69 [diff]
parent: bd6d03f58b8cdb9ade01e27cd2281f9f138ffe8e [diff]
diff --git a/private/virtualizationservice.te b/private/virtualizationservice.te
index fcc7304..0a9ff8b 100644
--- a/private/virtualizationservice.te
+++ b/private/virtualizationservice.te

@@ -59,8 +59,9 @@
 virtualizationservice_use(virtualizationservice)
 
 # Allow virtualizationservice to read and write in the apex data directory
-# /data/misc/apexdata/com.android.virt
-allow virtualizationservice apex_module_data_file:dir search;
+# /data/misc/apexdata/com.android.virt. Also allow checking of the parent directory
+# (needed for SQLite database creation).
+allow virtualizationservice apex_module_data_file:dir { search getattr };
 allow virtualizationservice apex_virt_data_file:dir create_dir_perms;
 allow virtualizationservice apex_virt_data_file:file create_file_perms;
commit	5cb43ddfcf3161567a533670cf70e0de0dd84de5	[log] [tgz]
author	David Drysdale <drysdale@google.com>	Wed Feb 21 12:19:20 2024 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	Wed Feb 21 12:19:20 2024 +0000
tree	bde6873529e2710a392ea0ae056eb2010d8a4885
parent	4aa156fa1a528e148cf7882dc9504563f9e1ff69 [diff]
parent	bd6d03f58b8cdb9ade01e27cd2281f9f138ffe8e [diff]