Allow virtualizationservice to check parent dir am: a9d70d7ba8 Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2967573 Change-Id: I915ec4bc0144cc9a1a9ac20525f48ad1b33af3d7 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

commit: bd6d03f58b8cdb9ade01e27cd2281f9f138ffe8e [log] [tgz]
author: David Drysdale <drysdale@google.com> Wed Feb 21 11:39:06 2024 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Wed Feb 21 11:39:06 2024 +0000
tree: 7905da9e7db8071e7f8b9b097c5919eee37b429e
parent: d63c142e1049e943a5026e68f2bd98ec312c65bc [diff]
parent: a9d70d7ba8eff3ef5dc19d972a0f3780b5a774f0 [diff]
diff --git a/private/virtualizationservice.te b/private/virtualizationservice.te
index fcc7304..0a9ff8b 100644
--- a/private/virtualizationservice.te
+++ b/private/virtualizationservice.te

@@ -59,8 +59,9 @@
 virtualizationservice_use(virtualizationservice)
 
 # Allow virtualizationservice to read and write in the apex data directory
-# /data/misc/apexdata/com.android.virt
-allow virtualizationservice apex_module_data_file:dir search;
+# /data/misc/apexdata/com.android.virt. Also allow checking of the parent directory
+# (needed for SQLite database creation).
+allow virtualizationservice apex_module_data_file:dir { search getattr };
 allow virtualizationservice apex_virt_data_file:dir create_dir_perms;
 allow virtualizationservice apex_virt_data_file:file create_file_perms;
commit	bd6d03f58b8cdb9ade01e27cd2281f9f138ffe8e	[log] [tgz]
author	David Drysdale <drysdale@google.com>	Wed Feb 21 11:39:06 2024 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	Wed Feb 21 11:39:06 2024 +0000
tree	7905da9e7db8071e7f8b9b097c5919eee37b429e
parent	d63c142e1049e943a5026e68f2bd98ec312c65bc [diff]
parent	a9d70d7ba8eff3ef5dc19d972a0f3780b5a774f0 [diff]