From 0091bbe0ceddf97ab4020b64fb0b3b89750fa86d Mon Sep 17 00:00:00 2001
From: Envy123 <liwuli@huawei.com>
Date: Wed, 3 Sep 2025 22:43:02 +0800
Subject: [PATCH] selinux

Signed-off-by: Envy123 <liwuli@huawei.com>
---
 .../customization/enterprise_device_management/system/edm_sa.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sepolicy/ohos_policy/customization/enterprise_device_management/system/edm_sa.te b/sepolicy/ohos_policy/customization/enterprise_device_management/system/edm_sa.te
index 7d50f1fb8..4d43e8327 100644
--- a/sepolicy/ohos_policy/customization/enterprise_device_management/system/edm_sa.te
+++ b/sepolicy/ohos_policy/customization/enterprise_device_management/system/edm_sa.te
@@ -25,7 +25,7 @@ allow edm_sa const_postinstall_fstab_param:file { map open read };
 allow edm_sa const_postinstall_param:file { map open read };
 allow edm_sa const_product_param:file { map open read };
 allow edm_sa data_file:dir { add_name open read remove_name search write };
-allow edm_sa data_service_el1_file:dir { search read write open add_name remove_name };
+allow edm_sa data_service_el1_file:dir { search read write open add_name remove_name getattr };
 allow edm_sa time_param:parameter_service { set };
 
 # avc:  denied  { lock } for  pid=3779 comm="IPC_6_3929" path="/data/service/el1/public/edm/edmdb.db-shm" dev="mmcblk0p12" ino=10573 scontext=u:r:edm_sa:s0 tcontext=u:object_r:data_service_el1_file:s0 tclass=file permissive=1
-- 
Gitee