Merge changes I1cb8c3ac,Ib1a914b9 * changes: Grant artd read permissions on current profile directories. Grant artd write permissions on profile directories.

commit: 3e068f977f5f6e5b191814c5cf9d247ae10905b2 [log] [tgz]
author: Treehugger Robot <treehugger-gerrit@google.com> Mon Sep 26 12:27:56 2022 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Mon Sep 26 12:27:56 2022 +0000
tree: 9d9315d9204c2cd50a8c217668fa526b5b5b76c8
parent: d014aa2ca1186d0a7bd784089b3d655929c2e833 [diff]
parent: 28e69a4156a58a797806d9d4431e6625da74981f [diff]
diff --git a/private/artd.te b/private/artd.te
index 58fe6ef..cb2b6c2 100644
--- a/private/artd.te
+++ b/private/artd.te

@@ -1,5 +1,6 @@
 # ART service daemon.
 typeattribute artd coredomain;
+typeattribute artd mlstrustedsubject;
 type artd_exec, system_file_type, exec_type, file_type;
 type artd_tmpfs, file_type;
 
@@ -62,7 +63,8 @@
 allow artd self:global_capability_class_set { dac_override dac_read_search fowner chown };
 
 # Read/write access to profiles (/data/misc/profiles/{ref,cur}/...).
-allow artd user_profile_data_file:dir { getattr search };
+allow artd user_profile_root_file:dir { getattr search };
+allow artd user_profile_data_file:dir rw_dir_perms;
 allow artd user_profile_data_file:file create_file_perms;
 
 # Never allow running other binaries without a domain transition.
commit	3e068f977f5f6e5b191814c5cf9d247ae10905b2	[log] [tgz]
author	Treehugger Robot <treehugger-gerrit@google.com>	Mon Sep 26 12:27:56 2022 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Mon Sep 26 12:27:56 2022 +0000
tree	9d9315d9204c2cd50a8c217668fa526b5b5b76c8
parent	d014aa2ca1186d0a7bd784089b3d655929c2e833 [diff]
parent	28e69a4156a58a797806d9d4431e6625da74981f [diff]