From 221938cbee580d0d1627db98f8b74e4d68dbc557 Mon Sep 17 00:00:00 2001
From: Narayan Kamath <narayan@google.com>
Date: Tue, 23 Aug 2016 17:02:57 +0100
Subject: [PATCH] Allow the zygote to stat all files it opens.

(cherry picked from commit 63203a015c1a86d24bd4440bbecdd5ac57b89d04)

bug: 30963384
Change-Id: I62b5ffd43469dbb0bba67e1bb1d3416e7354f9e5
---
 zygote.te | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/zygote.te b/zygote.te
index 4708c3b8c..41b8c070b 100644
--- a/zygote.te
+++ b/zygote.te
@@ -40,6 +40,12 @@ allow zygote dex2oat_exec:file rx_file_perms;
 allow zygote cgroup:dir create_dir_perms;
 allow zygote cgroup:{ file lnk_file } r_file_perms;
 allow zygote self:capability sys_admin;
+# Allow zygote to stat the files that it opens. The zygote must
+# be able to inspect them so that it can reopen them on fork
+# if necessary: b/30963384
+allow zygote pmsg_device:chr_file { getattr };
+allow zygote debugfs_trace_marker:file { getattr };
+
 # Check validity of SELinux context before use.
 selinux_check_context(zygote)
 # Check SELinux permissions.
-- 
GitLab