grant system_server read permission of server_configurable_flags_data server_configurable_flags_data_file is used for storing server configurable flags which have been reset during current booting. system_server needs to read the data to perform related disaster recovery actions. For how the data is read, see SettingsToPropertiesMapper.java. Test: build succeeds & manual on device Change-Id: Ifa22aecc13af2c574579299d28433622abbe6b85

commit: b61ac077dd0b7e67b275bf55f0d089de8ac47bf1 [log] [tgz]
author: Hongyi Zhang <hongyiz@google.com> Tue Nov 27 13:23:21 2018 -0800
committer: Hongyi Zhang <hongyiz@google.com> Tue Nov 27 13:29:08 2018 -0800
tree: 60a54bff3bff7055b28addf5b67d3f5b62693de4
parent: d81a36ad47d05eafaacebdd2265360d9a626dfae [diff] [blame]
diff --git a/private/system_server.te b/private/system_server.te
index b88721e..edb6c7b 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -540,6 +540,12 @@
 # FingerprintService.java does a restorecon of the directory /data/system/users/[0-9]+/fpdata(/.*)?
 allow system_server system_data_file:dir relabelfrom;
 
+# server_configurable_flags_data_file is used for storing server configurable flags which
+# have been reset during current booting. system_server needs to read the data to perform related
+# disaster recovery actions.
+allow system_server server_configurable_flags_data_file:dir r_dir_perms;
+allow system_server server_configurable_flags_data_file:file r_file_perms;
+
 # Property Service write
 set_prop(system_server, system_prop)
 set_prop(system_server, exported_system_prop)
commit	b61ac077dd0b7e67b275bf55f0d089de8ac47bf1	[log] [tgz]
author	Hongyi Zhang <hongyiz@google.com>	Tue Nov 27 13:23:21 2018 -0800
committer	Hongyi Zhang <hongyiz@google.com>	Tue Nov 27 13:29:08 2018 -0800
tree	60a54bff3bff7055b28addf5b67d3f5b62693de4
parent	d81a36ad47d05eafaacebdd2265360d9a626dfae [diff] [blame]