Allow system_server to read sepolicy from sysfs Bug: 308471499 Test: let system server hash the policy Change-Id: I8fc171e25636698d787be029c00471e0768f4c7a

commit: 5d102ffeb1358be6556e0203be669d0733a205a7 [log] [tgz]
author: Victor Hsieh <victorhsieh@google.com> Mon Oct 30 17:24:35 2023 -0700
committer: Victor Hsieh <victorhsieh@google.com> Wed Nov 01 15:02:53 2023 -0700
tree: d6a2a3961cb2ea158f4d19cf55a07ee396e253a1
parent: 2892de504ddf2f4215a7994831775f170dc667ee [diff]
diff --git a/private/system_server.te b/private/system_server.te
index f9627e3..4801969 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -927,6 +927,9 @@
 allow system_server sysfs_zram:dir search;
 allow system_server sysfs_zram:file rw_file_perms;
 
+# Read /sys/fs/selinux/policy
+allow system_server kernel:security read_policy;
+
 add_service(system_server, system_server_service);
 allow system_server artd_service:service_manager find;
 allow system_server audioserver_service:service_manager find;
commit	5d102ffeb1358be6556e0203be669d0733a205a7	[log] [tgz]
author	Victor Hsieh <victorhsieh@google.com>	Mon Oct 30 17:24:35 2023 -0700
committer	Victor Hsieh <victorhsieh@google.com>	Wed Nov 01 15:02:53 2023 -0700
tree	d6a2a3961cb2ea158f4d19cf55a07ee396e253a1
parent	2892de504ddf2f4215a7994831775f170dc667ee [diff]