Merge "Give apps read permissions on its own profile directory." into main

commit: c6b3fcd145d154a34e39d6ee1a16b31beebb5866 [log] [tgz]
author: Treehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com> Mon Mar 10 02:37:54 2025 -0700
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Mon Mar 10 02:37:54 2025 -0700
tree: 2d59ba6e3c6a063ba1d1c098edfe639ab4314dd6
parent: e79aa67527ed586366ec831f6b7c5631828e7f7e [diff]
parent: 4c3f1b68ab996ad31934a9467a1d9116c34c5647 [diff]
diff --git a/private/app.te b/private/app.te
index b359663..a32cdb2 100644
--- a/private/app.te
+++ b/private/app.te

@@ -371,7 +371,7 @@
 
 # Write profiles /data/misc/profiles
 allow appdomain user_profile_root_file:dir search;
-allow appdomain user_profile_data_file:dir w_dir_perms;
+allow appdomain user_profile_data_file:dir rw_dir_perms;
 allow appdomain user_profile_data_file:file create_file_perms;
 
 # Allow writing performance tracing data into the perfetto traced daemon.

diff --git a/private/system_server.te b/private/system_server.te
index 7bdcaef..bdfec3b 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -1296,7 +1296,7 @@
 
 # On userdebug build we may profile system server. Allow it to write and create its own profile.
 userdebug_or_eng(`
-  allow system_server user_profile_data_file:dir w_dir_perms;
+  allow system_server user_profile_data_file:dir rw_dir_perms;
   allow system_server user_profile_data_file:file create_file_perms;
 ')
 # Allow system server to load JVMTI agents under control of a property.
commit	c6b3fcd145d154a34e39d6ee1a16b31beebb5866	[log] [tgz]
author	Treehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com>	Mon Mar 10 02:37:54 2025 -0700
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Mon Mar 10 02:37:54 2025 -0700
tree	2d59ba6e3c6a063ba1d1c098edfe639ab4314dd6
parent	e79aa67527ed586366ec831f6b7c5631828e7f7e [diff]
parent	4c3f1b68ab996ad31934a9467a1d9116c34c5647 [diff]