Allow traced_probes to read packages.list.
Bug:123186697
Change-Id: Ifa480ae42f00740a39b8126e8fa6fd2120ac9b61
diff --git a/private/traced_probes.te b/private/traced_probes.te
index 689ff5c..2136fe1 100644
--- a/private/traced_probes.te
+++ b/private/traced_probes.te
@@ -29,6 +29,9 @@
# Allow procfs access
r_dir_file(traced_probes, domain)
+# Allow to read packages.list file.
+allow traced_probes packages_list_file:file r_file_perms;
+
# Allow to log to kernel dmesg when starting / stopping ftrace.
allow traced_probes kmsg_device:chr_file write;
@@ -41,7 +44,8 @@
allow traced_probes apk_data_file:dir { getattr open read search };
allow traced_probes dalvikcache_data_file:dir { getattr open read search };
userdebug_or_eng(`
-allow traced_probes system_data_file:dir { getattr open read search };
+# search and getattr are granted via domain and coredomain, respectively.
+allow traced_probes system_data_file:dir { open read };
')
allow traced_probes system_app_data_file:dir { getattr open read search };
allow traced_probes backup_data_file:dir { getattr open read search };
@@ -108,7 +112,7 @@
neverallow traced_probes system_data_file:dir ~{ getattr userdebug_or_eng(`open read') search };
neverallow traced_probes zoneinfo_data_file:dir ~r_dir_perms;
neverallow traced_probes { data_file_type -zoneinfo_data_file }:lnk_file *;
-neverallow traced_probes { data_file_type -zoneinfo_data_file }:file *;
+neverallow traced_probes { data_file_type -zoneinfo_data_file -packages_list_file }:file *;
# Only init is allowed to enter the traced_probes domain via exec()
neverallow { domain -init } traced_probes:process transition;