From 75a41c595140b8e018d817aa066878294c309aa3 Mon Sep 17 00:00:00 2001
From: "Torne (Richard Coles)" <torne@google.com>
Date: Wed, 31 May 2017 14:23:03 -0400
Subject: [PATCH] Allow shared_relro to connect to activity_service.

The comment in the policy implied this was already the case, but it
wasn't actually being used and appears to have been removed. This will
now be required by a framework change, so actually add the rule to allow
it.

Bug: 19061358
Test: verify that WebViewLoader process doesn't die from selinux denial
Change-Id: Ib1ed9138a83660ae343e0b665cdfadccdd0c6c97
---
 public/shared_relro.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/public/shared_relro.te b/public/shared_relro.te
index 91cf44d02..8fe1fead5 100644
--- a/public/shared_relro.te
+++ b/public/shared_relro.te
@@ -6,4 +6,5 @@ allow shared_relro shared_relro_file:dir rw_dir_perms;
 allow shared_relro shared_relro_file:file create_file_perms;
 
 # Needs to contact the "webviewupdate" and "activity" services
+allow shared_relro activity_service:service_manager find;
 allow shared_relro webviewupdate_service:service_manager find;
-- 
GitLab