system_server: grant read access to vendor/framework
avc: denied { getattr } for path="/vendor/framework"
scontext=u:r:system_server:s0 tcontext=u:object_r:vendor_framework_file:s0
tclass=dir
Bug: 68826235
Test: boot Taimen, verify denials no longer occur.
Change-Id: Id4b311fd423342c8d6399c3b724417aff9d1cd88
diff --git a/private/bug_map b/private/bug_map
index ee9abee..1ff1ffe 100644
--- a/private/bug_map
+++ b/private/bug_map
@@ -7,7 +7,6 @@
priv_app sysfs_android_usb file 72749888
priv_app system_data_file dir 72811052
system_server crash_dump process 73128755
-system_server vendor_framework_file dir 68826235
untrusted_app_25 system_data_file dir 72550646
untrusted_app_27 system_data_file dir 72550646
usbd usbd capability 72472544
diff --git a/private/system_server.te b/private/system_server.te
index a52c5c7..de2e3fe 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -335,10 +335,9 @@
allow system_server apk_tmp_file:dir create_dir_perms;
allow system_server apk_tmp_file:file create_file_perms;
-# Access /vendor/app
+# Access /vendor/{app,framework,overlay}
r_dir_file(system_server, vendor_app_file)
-
-# Access /vendor/app
+r_dir_file(system_server, vendor_framework_file)
r_dir_file(system_server, vendor_overlay_file)
# Manage /data/app-private.