Allow setattr for chattr Bug: 138322712 Test: No denial for chattr on boot Change-Id: I9fdfc8ff4d3d0b2743ca572f4c3e64477f97cd84

commit: e4c966648ef0642bbd7d6cb8041c38fcb4e963e3 [log] [tgz]
author: Daniel Rosenberg <drosen@google.com> Mon Feb 03 17:57:03 2020 -0800
committer: Daniel Rosenberg <drosen@google.com> Mon Feb 03 17:57:03 2020 -0800
tree: d5b92d3dce56c578711a6971b5dad64934b44d30
parent: 4de3228c461d54752a5ca0d011ffc13686e0a3cb [diff]
diff --git a/public/toolbox.te b/public/toolbox.te
index 1dd06f9..4c2cc3e 100644
--- a/public/toolbox.te
+++ b/public/toolbox.te

@@ -29,7 +29,7 @@
 allow toolbox system_data_file:file { getattr unlink };
 
 # chattr +F and chattr +P /data/media in init
-allow toolbox media_rw_data_file:dir { r_dir_perms };
+allow toolbox media_rw_data_file:dir { r_dir_perms setattr };
 allowxperm toolbox media_rw_data_file:dir ioctl {
   FS_IOC_FSGETXATTR
   FS_IOC_FSSETXATTR
commit	e4c966648ef0642bbd7d6cb8041c38fcb4e963e3	[log] [tgz]
author	Daniel Rosenberg <drosen@google.com>	Mon Feb 03 17:57:03 2020 -0800
committer	Daniel Rosenberg <drosen@google.com>	Mon Feb 03 17:57:03 2020 -0800
tree	d5b92d3dce56c578711a6971b5dad64934b44d30
parent	4de3228c461d54752a5ca0d011ffc13686e0a3cb [diff]