domain: allow dir search in selinuxfs Domain is already allowed to stat selinuxfs, it also needs dir search. Addresses: avc: denied { search } for name="/" dev="selinuxfs" ino=1 scontext=u:r:watchdogd:s0 tcontext=u:object_r:selinuxfs:s0 tclass=dir Change-Id: I3e5bb96e905db480a2727038f80315d9544e9c07

commit: 45517a7547de0a9f0c13b5907c243456ec61bf04 [log] [tgz]
author: Jeff Vander Stoep <jeffv@google.com> Mon Jan 25 10:15:01 2016 -0800
committer: Jeffrey Vander Stoep <jeffv@google.com> Mon Jan 25 18:18:36 2016 +0000
tree: 0a3de66b165d750cf94269da37c0bd3851a87afb
parent: c1b0ffcfdcb331d578eb159b58b871041e49fb90 [diff]
diff --git a/domain.te b/domain.te
index c5296c4..60025fd 100644
--- a/domain.te
+++ b/domain.te

@@ -117,6 +117,7 @@
 allow domain proc_cpuinfo:file r_file_perms;
 
 # toybox loads libselinux which stats /sys/fs/selinux/
+allow domain selinuxfs:dir search;
 allow domain selinuxfs:file getattr;
 allow domain sysfs:dir search;
 allow domain selinuxfs:filesystem getattr;
commit	45517a7547de0a9f0c13b5907c243456ec61bf04	[log] [tgz]
author	Jeff Vander Stoep <jeffv@google.com>	Mon Jan 25 10:15:01 2016 -0800
committer	Jeffrey Vander Stoep <jeffv@google.com>	Mon Jan 25 18:18:36 2016 +0000
tree	0a3de66b165d750cf94269da37c0bd3851a87afb
parent	c1b0ffcfdcb331d578eb159b58b871041e49fb90 [diff]