From 893d8ddff7f4eb0018c5248384ac42a3c5c9e259 Mon Sep 17 00:00:00 2001
From: Enzo Liao <enzoliao@google.com>
Date: Fri, 10 Mar 2023 15:20:15 +0800
Subject: [PATCH] SSRestarDetector: modify the SELinux policy to allow access
 files owned by system for Whitechapel.

It needs to access a file pushed by hosts of test suites (details: http://go/pd-client-for-lab#heading=h.wtp07hbqvwgx)

Bug: 234359369
Design: http://go/pd-client-for-lab
Test: manual (http://b/271555983#comment3)
Change-Id: I1c9544ca2ebe1857c439f00c4589f739aca8e157
---
 whitechapel/vendor/google/ssr_detector.te | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/whitechapel/vendor/google/ssr_detector.te b/whitechapel/vendor/google/ssr_detector.te
index 934028e1..f27fcc5b 100644
--- a/whitechapel/vendor/google/ssr_detector.te
+++ b/whitechapel/vendor/google/ssr_detector.te
@@ -4,7 +4,8 @@ app_domain(ssr_detector_app)
 allow ssr_detector_app app_api_service:service_manager find;
 allow ssr_detector_app radio_service:service_manager find;
 
-allow ssr_detector_app system_app_data_file:dir r_dir_perms;
+allow ssr_detector_app system_app_data_file:dir create_dir_perms;
+allow ssr_detector_app system_app_data_file:file create_file_perms;
 
 allow ssr_detector_app sscoredump_vendor_data_crashinfo_file:dir r_dir_perms;
 allow ssr_detector_app sscoredump_vendor_data_crashinfo_file:file r_file_perms;