Perms back to domain allow reading symlinks in /data and getattr in /system Change-Id: I8cc9ca056725cf10ebfeef474ebf9c80c5300a73

commit: 9a3d1c6bbe73d3e5cfeb582564f971bc1cbe155a [log] [tgz]
author: Jeff Vander Stoep <jeffv@google.com> Wed Nov 25 09:31:40 2015 -0800
committer: Jeff Vander Stoep <jeffv@google.com> Wed Nov 25 09:31:40 2015 -0800
tree: 882eb838a94584b7c1ecade18575c392fac34625
parent: 9b2b447212649b867312b87e8eb6f8efdf5ae07b [diff]
diff --git a/domain.te b/domain.te
index 1050725..f1b0d58 100644
--- a/domain.te
+++ b/domain.te

@@ -84,12 +84,13 @@
 write_logd(domain)
 
 # System file accesses.
-allow domain system_file:dir search;
+allow domain system_file:dir { search getattr };
 allow domain system_file:file { execute read open getattr };
 allow domain system_file:lnk_file read;
 
 # files under /data.
 allow domain system_data_file:dir { search getattr };
+allow domain system_data_file:lnk_file read;
 
 # required by the dynamic linker
 allow domain proc:lnk_file read;
commit	9a3d1c6bbe73d3e5cfeb582564f971bc1cbe155a	[log] [tgz]
author	Jeff Vander Stoep <jeffv@google.com>	Wed Nov 25 09:31:40 2015 -0800
committer	Jeff Vander Stoep <jeffv@google.com>	Wed Nov 25 09:31:40 2015 -0800
tree	882eb838a94584b7c1ecade18575c392fac34625
parent	9b2b447212649b867312b87e8eb6f8efdf5ae07b [diff]