diff options
author | Narayan Kamath <narayan@google.com> | 2016-08-23 17:02:57 +0100 |
---|---|---|
committer | Jessica Wagantall <jwagantall@cyngn.com> | 2016-11-09 16:05:56 -0800 |
commit | 3593eb138f1be00cc7a567cbda5087e545268254 (patch) | |
tree | 6b7e5596a8829575c27006881a05df3639a74cc7 | |
parent | 9bc9c5aa961679cd8110b17556fe925876e83bcb (diff) | |
download | android_external_sepolicy-3593eb138f1be00cc7a567cbda5087e545268254.tar.gz android_external_sepolicy-3593eb138f1be00cc7a567cbda5087e545268254.tar.bz2 android_external_sepolicy-3593eb138f1be00cc7a567cbda5087e545268254.zip |
Allow the zygote to stat all files it opens.stable/cm-13.0-ZNH0E
CYNGNOS-3303
bug: 30963384
Change-Id: I62b5ffd43469dbb0bba67e1bb1d3416e7354f9e5
(cherry picked from commit 3ff0b0282688c3776904b8e5409a4dfb7f231e73)
-rw-r--r-- | zygote.te | 7 |
1 files changed, 7 insertions, 0 deletions
@@ -37,6 +37,13 @@ allow zygote dex2oat_exec:file rx_file_perms; # Control cgroups. allow zygote cgroup:dir create_dir_perms; allow zygote self:capability sys_admin; +# Allow zygote to stat the files that it opens. The zygote must +# be able to inspect them so that it can reopen them on fork +# if necessary: b/30963384 +# allow zygote pmsg_device:chr_file { getattr }; +allow zygote debugfs:dir search; +allow zygote debugfs:file { getattr }; + # Check validity of SELinux context before use. selinux_check_context(zygote) # Check SELinux permissions. |