Give apps read permissions on their own profile directory.
The ART profiles are saved by the ART runtime on behalf of the app,
using atomic file replacement (the profile is saved as a temporary
file and renamed to the final location).
After the rename, we want to flush the directory, so that the changes
are reflected immediately. The flushing requires read permissions on the
directory.
This is particularly useful on a force save, where app developers may
want to dump the saved profile through adb immediately.
Bug: 398982550
Test: Presubmit
Change-Id: I404414afe7a6f1e3295903c71ec3f3b7f8c74056
diff --git a/private/system_server.te b/private/system_server.te
index 7bdcaef..bdfec3b 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -1296,7 +1296,7 @@
# On userdebug build we may profile system server. Allow it to write and create its own profile.
userdebug_or_eng(`
- allow system_server user_profile_data_file:dir w_dir_perms;
+ allow system_server user_profile_data_file:dir rw_dir_perms;
allow system_server user_profile_data_file:file create_file_perms;
')
# Allow system server to load JVMTI agents under control of a property.
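Review bot: The changed `allow system_server user_profile_data_file:dir` rule applies to `system_server` and sits inside `userdebug_or_eng(...)`, while the commit message describes read access for apps on their own profile directory. Please confirm that this domain and build scope are what the fix needs, or reword the message to match. The comment above the rule still says only "write and create its own profile", so it should be updated to say that read is now granted and why (the directory flush after the rename). Stating that the flush is the reason also makes it clear to later readers of the policy why the rule moved from `w_dir_perms` to the wider `rw_dir_perms`.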