rs.te: Allow following /data/user/0 symlink The bcc command line uses /data/user/0 paths, so renderscript needs to be able to follow those symlinks. Addresses the following denial: audit(1545249938.830:2274): avc: denied { read } for comm="bcc" name="0" dev="dm-6" ino=101 scontext=u:r:rs:s0:c184,c256,c512,c768 tcontext=u:object_r:system_data_file:s0 tclass=lnk_file permissive=1 app=android.rscpp.cts Test: cts-tradefed run cts -m CtsRsCppTestCases Bug: 121266184 Bug: 112357170 Change-Id: I16210f9b95f386bdee0863cf0044c956af99586d

commit: 5cbe41b12ffbcc3b6edde305426d0afc7a7da79c [log] [tgz]
author: Nick Kralevich <nnk@google.com> Wed Dec 19 12:09:42 2018 -0800
committer: Nick Kralevich <nnk@google.com> Wed Dec 19 12:09:42 2018 -0800
tree: 702bb456a779754d231619c0d25db5187c046d9a
parent: 3361ec4358b7aeea8fabdbbf26d864c364bc0eeb [diff]
diff --git a/private/rs.te b/private/rs.te
index 94cf6b4..9229ed9 100644
--- a/private/rs.te
+++ b/private/rs.te

@@ -7,6 +7,9 @@
 allow rs rs_data_file:file create_file_perms;
 type_transition rs app_data_file:file rs_data_file;
 
+# Follow /data/user/0 symlink
+allow rs system_data_file:lnk_file read;
+
 # Read files from the app home directory.
 allow rs app_data_file:file r_file_perms;
 allow rs app_data_file:dir r_dir_perms;
commit	5cbe41b12ffbcc3b6edde305426d0afc7a7da79c	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Wed Dec 19 12:09:42 2018 -0800
committer	Nick Kralevich <nnk@google.com>	Wed Dec 19 12:09:42 2018 -0800
tree	702bb456a779754d231619c0d25db5187c046d9a
parent	3361ec4358b7aeea8fabdbbf26d864c364bc0eeb [diff]