Skip to content
Snippets Groups Projects
Commit 090645b3 authored by Geremy Condra's avatar Geremy Condra
Browse files

Give Zygote the ability to write app data files. 

This fixes another bug encountered while taking bugreports.

Bug: 10498304
Change-Id: Ie33e869ccd28c5461f4f3736c078b2a865aa7cdd
parent e0362602
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 3 additions and 3 deletions
zygote.te
+ 3
3
View file @ 090645b3
...@@ -11,9 +11,9 @@ allow zygote self:capability setpcap; ...@@ -11,9 +11,9 @@ allow zygote self:capability setpcap;
# Switch SELinux context to app domains. # Switch SELinux context to app domains.
allow zygote system:process dyntransition; allow zygote system:process dyntransition;
allow zygote appdomain:process dyntransition; allow zygote appdomain:process dyntransition;
# Allow zygote to read app data dirs (b/10455872) # Allow zygote to read + write app data dirs (b/10455872 and b/10498304)
allow zygote appdomain:dir search; allow zygote appdomain:dir { getattr search };
allow zygote appdomain:file { r_file_perms }; allow zygote appdomain:file { r_file_perms write };
# Move children into the peer process group. # Move children into the peer process group.
allow zygote system:process { getpgid setpgid }; allow zygote system:process { getpgid setpgid };
allow zygote appdomain:process { getpgid setpgid }; allow zygote appdomain:process { getpgid setpgid };
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment