Merge "Allow dexopt_chroot_setup to check /metadata in chroot." into main

commit: 0fbd29a64cd109c13392324ad2c27d205dbfd4d9 [log] [tgz]
author: Treehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com> Tue Oct 15 13:33:17 2024 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Tue Oct 15 13:33:17 2024 +0000
tree: b594bbae926e4263f1cb757750f1febdc065319c
parent: 5ef52d5e30fa166ea047afc7c55306d14564be2a [diff]
parent: b0a21a6a9292c38f2d571fd937d4ea838992ed4d [diff]
diff --git a/private/dexopt_chroot_setup.te b/private/dexopt_chroot_setup.te
index 9e98bae..44ba99f 100644
--- a/private/dexopt_chroot_setup.te
+++ b/private/dexopt_chroot_setup.te

@@ -135,6 +135,9 @@
 # Allow accessing /data/app/..., to bind-mount dirs for incremental apps.
 allow dexopt_chroot_setup apk_data_file:dir { getattr search };
 
+# Allow checking /metadata in chroot, to make sure it's not a symlink.
+allow dexopt_chroot_setup metadata_file:dir { getattr };
+
 # Neverallow rules.
 
 # Never allow running other binaries without a domain transition.
commit	0fbd29a64cd109c13392324ad2c27d205dbfd4d9	[log] [tgz]
author	Treehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com>	Tue Oct 15 13:33:17 2024 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Tue Oct 15 13:33:17 2024 +0000
tree	b594bbae926e4263f1cb757750f1febdc065319c
parent	5ef52d5e30fa166ea047afc7c55306d14564be2a [diff]
parent	b0a21a6a9292c38f2d571fd937d4ea838992ed4d [diff]