servicemanager: allow to read VINTF files in recovery. Test: manual Bug: 206888109 Change-Id: I2b7f0f33c27beb0d4401d1d697fdc58e7c62986f

commit: 259491ba0bb2cbb30c8825b69dc556a24defe41e [log] [tgz]
author: Yifan Hong <elsk@google.com> Tue Dec 07 14:31:04 2021 -0800
committer: Yifan Hong <elsk@google.com> Tue Dec 07 16:22:53 2021 -0800
tree: 5957d66a0977c175b7f1735f4374efea916bd0ec
parent: d725f8acaf88643ea14ea735c186401f3ac5cf28 [diff]
diff --git a/public/servicemanager.te b/public/servicemanager.te
index 12004da..a812338 100644
--- a/public/servicemanager.te
+++ b/public/servicemanager.te

@@ -31,7 +31,10 @@
 # Check SELinux permissions.
 selinux_check_access(servicemanager)
 
-# In recovery, log to kmsg.
 recovery_only(`
+  # In recovery, log to kmsg.
   allow servicemanager kmsg_device:chr_file rw_file_perms;
+
+  # Read VINTF files.
+  r_dir_file(servicemanager, rootfs)
 ')
commit	259491ba0bb2cbb30c8825b69dc556a24defe41e	[log] [tgz]
author	Yifan Hong <elsk@google.com>	Tue Dec 07 14:31:04 2021 -0800
committer	Yifan Hong <elsk@google.com>	Tue Dec 07 16:22:53 2021 -0800
tree	5957d66a0977c175b7f1735f4374efea916bd0ec
parent	d725f8acaf88643ea14ea735c186401f3ac5cf28 [diff]