Skip to content
Snippets Groups Projects
Commit cd10eb95 authored by dcashman's avatar dcashman
Browse files

Allow debuggerd read access to shared_relro files. 

Addresses the following denial when debuggerd attempts to stat Webview mmap'd
shared relro files on process crash.  Full read permissions may not be necessary:

W/debuggerd(  185): type=1400 audit(0.0:97): avc: denied { search } for name="shared_relro" dev="mmcblk0p28" ino=618955 scontext=u:r:debuggerd:s0 tcontext=u:object_r:shared_relro_file:s0 tclass=dir

Bug: 17101854
Change-Id: I11eea85668ba033c554e5aab99b70a454fb75164
parent 302f59aa
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 2 additions and 0 deletions
debuggerd.te
+ 2
0
View file @ cd10eb95
...@@ -16,6 +16,8 @@ allow debuggerd system_data_file:dir relabelfrom; ...@@ -16,6 +16,8 @@ allow debuggerd system_data_file:dir relabelfrom;
allow debuggerd tombstone_data_file:dir relabelto; allow debuggerd tombstone_data_file:dir relabelto;
allow debuggerd tombstone_data_file:dir create_dir_perms; allow debuggerd tombstone_data_file:dir create_dir_perms;
allow debuggerd tombstone_data_file:file create_file_perms; allow debuggerd tombstone_data_file:file create_file_perms;
allow debuggerd shared_relro_file:dir r_dir_perms;
allow debuggerd shared_relro_file:file r_file_perms;
allow debuggerd domain:process { sigstop signal }; allow debuggerd domain:process { sigstop signal };
allow debuggerd exec_type:file r_file_perms; allow debuggerd exec_type:file r_file_perms;
# Access app library # Access app library
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment