grant permissions of dir /data/server_configurable_flags grant rw_dir_perms of dir /data/server_configurable_flags to flags_health_check.te, in order to enable flags_health_check to record reset flags data as file under this dir for later use. See function: server_configurable_flags::ServerConfigurableFlagsReset for how the permission is used. Test: manual on device Change-Id: I1df7b8cadfbe279f26bf828e9e725ce170a376f7

commit: 4aecb3f2eba874931d9275a6b8e7efad94cc8dd2 [log] [tgz]
author: Hongyi Zhang <hongyiz@google.com> Tue Nov 20 11:17:35 2018 -0800
committer: Hongyi Zhang <hongyiz@google.com> Tue Nov 20 12:40:01 2018 -0800
tree: d179a7206600e90dd1609652ec45fd30a9798481
parent: 745d3839e4bf4ca01601c5c2c63a4a80830d816c [diff]
diff --git a/public/flags_heatlh_check.te b/public/flags_heatlh_check.te
index c17ce9f..a626895 100644
--- a/public/flags_heatlh_check.te
+++ b/public/flags_heatlh_check.te

@@ -9,6 +9,7 @@
 # device_config_flags_health_check_prop before release. (b/119627143)
 set_prop(flags_health_check, device_config_flags_health_check_prop)
 
+allow flags_health_check server_configurable_flags_data_file:dir rw_dir_perms;
 allow flags_health_check server_configurable_flags_data_file:file create_file_perms;
 
 # system property device_config_boot_count_prop is used for deciding when to perform server
@@ -25,5 +26,4 @@
 # server_configurable_flags_data_file is used for storing whether server configurable flags which
 # have been reset during current booting. Mistakenly modified by unrelated components can
 # cause bad server configurable flags synced back to device.
-
 neverallow { domain -init -flags_health_check } server_configurable_flags_data_file:file no_w_file_perms;
commit	4aecb3f2eba874931d9275a6b8e7efad94cc8dd2	[log] [tgz]
author	Hongyi Zhang <hongyiz@google.com>	Tue Nov 20 11:17:35 2018 -0800
committer	Hongyi Zhang <hongyiz@google.com>	Tue Nov 20 12:40:01 2018 -0800
tree	d179a7206600e90dd1609652ec45fd30a9798481
parent	745d3839e4bf4ca01601c5c2c63a4a80830d816c [diff]