Allow compos to getattr on authfs Bug: 161471326 Bug: 196635431 Test: ComposTestCase Change-Id: I3a4073726d31686c8eb945ba9417cb2afe238d79

commit: 5f6e4324b3cf528793572e22ef72e6a93ba317d3 [log] [tgz]
author: Victor Hsieh <victorhsieh@google.com> Fri Aug 13 15:30:36 2021 -0700
committer: Victor Hsieh <victorhsieh@google.com> Fri Aug 13 15:48:21 2021 -0700
tree: 4eea4fbec070ee4ec7f8f8d88849ebf6b97a6747
parent: 2cc457c4fbb4d8f53361c6562e0fe72cdd739dae [diff]
diff --git a/microdroid/system/private/compos.te b/microdroid/system/private/compos.te
index 05936a6..b8ad335 100644
--- a/microdroid/system/private/compos.te
+++ b/microdroid/system/private/compos.te

@@ -24,5 +24,9 @@
 # authfs_service.
 allow compos authfs_fuse:file { read write };
 
+# Allow getattr (in fact, getxattr) as a workaround to retrieve fs-verity
+# metadata. See b/196635431.
+allow compos authfs_fuse:file getattr;
+
 # Allow domain transition into dex2oat.
 domain_auto_trans(compos, dex2oat_exec, dex2oat)
commit	5f6e4324b3cf528793572e22ef72e6a93ba317d3	[log] [tgz]
author	Victor Hsieh <victorhsieh@google.com>	Fri Aug 13 15:30:36 2021 -0700
committer	Victor Hsieh <victorhsieh@google.com>	Fri Aug 13 15:48:21 2021 -0700
tree	4eea4fbec070ee4ec7f8f8d88849ebf6b97a6747
parent	2cc457c4fbb4d8f53361c6562e0fe72cdd739dae [diff]