update_verifier: read dir perms Allow update_verifier to load the boot_control_hal in passthrough mode. Test: update_verifier works, no denials Bug: 34656553 Change-Id: I5c20ce67c8f1fd195f2429dae497221514ed95a8

commit: bafa38e0cec4cc32cf135b342874c14136ab3f29 [log] [tgz]
author: Steven Moreland <smoreland@google.com> Tue Jan 24 12:29:50 2017 -0800
committer: Steven Moreland <smoreland@google.com> Tue Jan 24 20:45:18 2017 +0000
tree: c768046d7c23ffbabc9e09d904579ad6aaf2fc7d
parent: 21cb045bd5f8715cdad13bc4f242b0e2028bc56d [diff]
diff --git a/public/update_verifier.te b/public/update_verifier.te
index abbc766..5ee5258 100644
--- a/public/update_verifier.te
+++ b/public/update_verifier.te

@@ -3,6 +3,9 @@
 type update_verifier, domain, boot_control_hal;
 type update_verifier_exec, exec_type, file_type;
 
+# find the boot_control_hal
+allow update_verifier system_file:dir r_dir_perms;
+
 # Allow update_verifier to reach block devices in /dev/block.
 allow update_verifier block_device:dir search;
commit	bafa38e0cec4cc32cf135b342874c14136ab3f29	[log] [tgz]
author	Steven Moreland <smoreland@google.com>	Tue Jan 24 12:29:50 2017 -0800
committer	Steven Moreland <smoreland@google.com>	Tue Jan 24 20:45:18 2017 +0000
tree	c768046d7c23ffbabc9e09d904579ad6aaf2fc7d
parent	21cb045bd5f8715cdad13bc4f242b0e2028bc56d [diff]