Allow system_server to read vendor_file Input device configuration files .idc, .kl that are placed in /vendor are currently not accessible. Allow the read access here. Bug: 112880217 Test: move .idc and .kl files from /system to /vendor, then observe logcat. With this patch, avc denials disappear. Change-Id: I72ad62b9adf415f787565adced73fd8aaff38832

commit: 3639f57960811d6a41ca1968dea70a4315d5bbec [log] [tgz]
author: Siarhei Vishniakou <svv@google.com> Mon Oct 08 12:04:15 2018 -0700
committer: Siarhei Vishniakou <svv@google.com> Fri Oct 12 02:42:09 2018 +0000
tree: 263b7ed256648a13b1c77b04f2ac8b6352c863a8
parent: 9977e25411969764ac0bab16f7bbb530ee15ccd6 [diff] [blame]
diff --git a/private/system_server.te b/private/system_server.te
index e916415..048e5b2 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -352,6 +352,11 @@
 allow system_server apk_tmp_file:dir create_dir_perms;
 allow system_server apk_tmp_file:file create_file_perms;
 
+# Access input configuration files in the /vendor directory
+r_dir_file(system_server, vendor_keylayout_file)
+r_dir_file(system_server, vendor_keychars_file)
+r_dir_file(system_server, vendor_idc_file)
+
 # Access /vendor/{app,framework,overlay}
 r_dir_file(system_server, vendor_app_file)
 r_dir_file(system_server, vendor_framework_file)
commit	3639f57960811d6a41ca1968dea70a4315d5bbec	[log] [tgz]
author	Siarhei Vishniakou <svv@google.com>	Mon Oct 08 12:04:15 2018 -0700
committer	Siarhei Vishniakou <svv@google.com>	Fri Oct 12 02:42:09 2018 +0000
tree	263b7ed256648a13b1c77b04f2ac8b6352c863a8
parent	9977e25411969764ac0bab16f7bbb530ee15ccd6 [diff] [blame]