Allow domains to read tmpfs symlinks. Domains have the ability to read normal tmpfs files but not symlinks. Grant this ability. In particular, allow domains to read /mnt/sdcard. Addresses the following denial: type=1400 audit(0.0:19):avc: denied { read } for comm=4173796E635461736B202333 name="sdcard" dev="tmpfs" ino=7475 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:tmpfs:s0 tclass=lnk_file permissive=0 Bug: 20755029 Change-Id: I0268eb00e0eb43feb2d5bca1723b87b7a44f31a9

commit: 2b0b8299b2f144165290b18855a9ca256492564c [log] [tgz]
author: dcashman <dcashman@google.com> Mon Jul 13 15:31:01 2015 -0700
committer: dcashman <dcashman@google.com> Mon Jul 13 15:31:01 2015 -0700
tree: c9da7021dd2dc7440f618429b7caf4ab28bf3df9
parent: ffc86bea0e38147a9330177708aedbccd603627a [diff]
diff --git a/domain.te b/domain.te
index 19797c6..eb22ec7 100644
--- a/domain.te
+++ b/domain.te

@@ -6,6 +6,7 @@
 # Read access to properties mapping.
 allow domain kernel:fd use;
 allow domain tmpfs:file { read getattr };
+allow domain tmpfs:lnk_file { read getattr };
 
 # Search /storage/emulated tmpfs mount.
 allow domain tmpfs:dir r_dir_perms;
commit	2b0b8299b2f144165290b18855a9ca256492564c	[log] [tgz]
author	dcashman <dcashman@google.com>	Mon Jul 13 15:31:01 2015 -0700
committer	dcashman <dcashman@google.com>	Mon Jul 13 15:31:01 2015 -0700
tree	c9da7021dd2dc7440f618429b7caf4ab28bf3df9
parent	ffc86bea0e38147a9330177708aedbccd603627a [diff]