netd/netutils_wrapper/network_stack/system_server - allow getattr on bpf progs/maps
This is so that we can potentially verify that things
are setup right.
Test: TreeHugger
Bug: 275209284
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I59a49cbece2710345fff0b2fb98e32f4e5f3af44
diff --git a/private/netutils_wrapper.te b/private/netutils_wrapper.te
index 900b35c..01f1915 100644
--- a/private/netutils_wrapper.te
+++ b/private/netutils_wrapper.te
@@ -26,7 +26,7 @@
# the whole chain including the xt_bpf rules. They need to access to the pinned
# program when reloading the rule.
allow netutils_wrapper { fs_bpf fs_bpf_netd_shared }:dir search;
-allow netutils_wrapper { fs_bpf fs_bpf_netd_shared }:file read;
+allow netutils_wrapper { fs_bpf fs_bpf_netd_shared }:file { getattr read };
allow netutils_wrapper { fs_bpf }:file write;
allow netutils_wrapper bpfloader:bpf prog_run;