Skip to content
Snippets Groups Projects
Commit a60342b7 authored by Narayan Kamath's avatar Narayan Kamath
Browse files

Allow the zygote to stat all files it opens. 

bug: 30963384

(cherry picked from commit 63203a01)

Change-Id: Ifa4b9a645f8edcf51e3f025316106e5b65a4790d
parent 7e380216
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 6 additions and 0 deletions
zygote.te
+ 6
0
View file @ a60342b7
...@@ -39,6 +39,12 @@ allow zygote dex2oat_exec:file rx_file_perms; ...@@ -39,6 +39,12 @@ allow zygote dex2oat_exec:file rx_file_perms;
# Control cgroups. # Control cgroups.
allow zygote cgroup:dir create_dir_perms; allow zygote cgroup:dir create_dir_perms;
allow zygote self:capability sys_admin; allow zygote self:capability sys_admin;
# Allow zygote to stat the files that it opens. The zygote must
# be able to inspect them so that it can reopen them on fork
# if necessary: b/30963384
allow zygote pmsg_device:chr_file { getattr };
allow zygote debugfs_trace_marker:file { getattr };
# Check validity of SELinux context before use. # Check validity of SELinux context before use.
selinux_check_context(zygote) selinux_check_context(zygote)
# Check SELinux permissions. # Check SELinux permissions.
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment