From 090645b36df5e41cabd182604ca0d8b06bb6fc11 Mon Sep 17 00:00:00 2001
From: Geremy Condra <gcondra@google.com>
Date: Fri, 30 Aug 2013 15:44:33 -0700
Subject: [PATCH] Give Zygote the ability to write app data files.

This fixes another bug encountered while taking bugreports.

Bug: 10498304
Change-Id: Ie33e869ccd28c5461f4f3736c078b2a865aa7cdd
---
 zygote.te | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/zygote.te b/zygote.te
index 9a5bc4b67..87f72bfbe 100644
--- a/zygote.te
+++ b/zygote.te
@@ -11,9 +11,9 @@ allow zygote self:capability setpcap;
 # Switch SELinux context to app domains.
 allow zygote system:process dyntransition;
 allow zygote appdomain:process dyntransition;
-# Allow zygote to read app data dirs (b/10455872)
-allow zygote appdomain:dir search;
-allow zygote appdomain:file { r_file_perms };
+# Allow zygote to read + write app data dirs (b/10455872 and b/10498304)
+allow zygote appdomain:dir { getattr search };
+allow zygote appdomain:file { r_file_perms write };
 # Move children into the peer process group.
 allow zygote system:process { getpgid setpgid };
 allow zygote appdomain:process { getpgid setpgid };
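Review bot: The new comment says "app data dirs", but the rules target `appdomain`, which this file uses as a process domain attribute (`allow zygote appdomain:process dyntransition;`). `dir` and `file` objects carrying an appdomain type are therefore most likely the per-process /proc entries of app processes, not the apps' data directories. If so, `allow zygote appdomain:file { r_file_perms write };` gives zygote write access to every such file of every app domain. The comment should name the specific file the bugreport path needs to write, for example `# Allow zygote to read and write app /proc/<pid> entries (b/10455872, b/10498304); write is needed for <file>`. If only one file is involved, consider whether the permission can be narrowed or the write moved out of zygote, since zygote is the parent of all app processes and each extra write permission widens what a compromised zygote can reach.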
-- 
GitLab