Allow system_server to read /data/misc/profman.
Before this change, system_server only has write access. We want read
access to the directory so that we can check if it has the right
permissions before we write to it.
Bug: 262230400
Test: No longer see SELinux denials on that directory.
Change-Id: Ic26b2a170031c4f14423b8b1f1a8564d64f532ae
diff --git a/private/system_server.te b/private/system_server.te
index f85237f..8a3cca9 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -1183,8 +1183,9 @@
# System server may dump profile data for debuggable apps in the /data/misc/profman.
# As such it needs to be able create files but it should never read from them.
+# It also needs to stat the directory to check if it has the right permissions.
allow system_server profman_dump_data_file:file { create getattr setattr w_file_perms};
-allow system_server profman_dump_data_file:dir w_dir_perms;
+allow system_server profman_dump_data_file:dir rw_dir_perms;
# On userdebug build we may profile system server. Allow it to write and create its own profile.
userdebug_or_eng(`
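Review bot: The new dir rule grants more than the added comment justifies. The comment says system_server needs to stat the directory, but switching from w_dir_perms to rw_dir_perms also gives it read on the directory, which allows listing its entries. If the permission check is only a stat, consider keeping the write set and adding the single permission, e.g. `allow system_server profman_dump_data_file:dir { w_dir_perms getattr };`. If listing really is required, the comment should say so, because the line above it still states that system_server "should never read from them", and the commit message ("read access") and the comment ("stat") currently describe different needs. It would also help to name the denied permission from the audit log in the commit message so the grant can be matched to the observed denial.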