Allow the zygote to stat all files it opens.stable/cm-12.1-YOG7D

CYNGNOS-3303 bug: 30963384 Change-Id: I62b5ffd43469dbb0bba67e1bb1d3416e7354f9e5 (cherry picked from commit 3ff0b0282688c3776904b8e5409a4dfb7f231e73) (cherry picked from commit 7e482bdb0566a5a64f1a5ce559abc76150a75659) (cherry picked from commit 20418f7a443a55ecd8e9a0001c28c3c20ba51f91)
author: Narayan Kamath <narayan@google.com> 2016-08-23 17:02:57 +0100
committer: Jessica Wagantall <jwagantall@cyngn.com> 2016-11-16 15:18:20 -0700
commit: aff9c34fbc14537c4713fe6dddb3e9458081aaf7 (patch)
tree: 1f42949af98652c18a50eb417a549fa4377ba114
parent: fc45381380fcc8e87106cc6c1ff1fdc0151f853f (diff)
download: android_external_sepolicy-stable/cm-12.1-YOG7D.tar.gz
android_external_sepolicy-stable/cm-12.1-YOG7D.tar.bz2
android_external_sepolicy-stable/cm-12.1-YOG7D.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/zygote.te b/zygote.te
index adbea06..add3b9c 100644
--- a/zygote.te
+++ b/zygote.te
@@ -37,6 +37,13 @@ allow zygote dex2oat_exec:file rx_file_perms;
 # Control cgroups.
 allow zygote cgroup:dir create_dir_perms;
 allow zygote self:capability sys_admin;
+# Allow zygote to stat the files that it opens. The zygote must
+# be able to inspect them so that it can reopen them on fork
+# if necessary: b/30963384
+# allow zygote pmsg_device:chr_file { getattr };
+allow zygote debugfs:dir search;
+allow zygote debugfs:file { getattr };
+
 # Check validity of SELinux context before use.
 selinux_check_context(zygote)
 # Check SELinux permissions.
author	Narayan Kamath <narayan@google.com>	2016-08-23 17:02:57 +0100
committer	Jessica Wagantall <jwagantall@cyngn.com>	2016-11-16 15:18:20 -0700
commit	aff9c34fbc14537c4713fe6dddb3e9458081aaf7 (patch)
tree	1f42949af98652c18a50eb417a549fa4377ba114
parent	fc45381380fcc8e87106cc6c1ff1fdc0151f853f (diff)
download	android_external_sepolicy-stable/cm-12.1-YOG7D.tar.gz android_external_sepolicy-stable/cm-12.1-YOG7D.tar.bz2 android_external_sepolicy-stable/cm-12.1-YOG7D.zip