From cd10eb955090f76847c27c2a621f3f8abc80bbc3 Mon Sep 17 00:00:00 2001
From: dcashman <dcashman@google.com>
Date: Mon, 18 Aug 2014 17:09:38 -0700
Subject: [PATCH] Allow debuggerd read access to shared_relro files.

Addresses the following denial when debuggerd attempts to stat Webview mmap'd
shared relro files on process crash.  Full read permissions may not be necessary:

W/debuggerd(  185): type=1400 audit(0.0:97): avc: denied { search } for name="shared_relro" dev="mmcblk0p28" ino=618955 scontext=u:r:debuggerd:s0 tcontext=u:object_r:shared_relro_file:s0 tclass=dir

Bug: 17101854
Change-Id: I11eea85668ba033c554e5aab99b70a454fb75164
---
 debuggerd.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/debuggerd.te b/debuggerd.te
index 22afe63ac..b94607485 100644
--- a/debuggerd.te
+++ b/debuggerd.te
@@ -16,6 +16,8 @@ allow debuggerd system_data_file:dir relabelfrom;
 allow debuggerd tombstone_data_file:dir relabelto;
 allow debuggerd tombstone_data_file:dir create_dir_perms;
 allow debuggerd tombstone_data_file:file create_file_perms;
+allow debuggerd shared_relro_file:dir r_dir_perms;
+allow debuggerd shared_relro_file:file r_file_perms;
 allow debuggerd domain:process { sigstop signal };
 allow debuggerd exec_type:file r_file_perms;
 # Access app library
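Review bot: The two added `shared_relro_file` rules grant `r_dir_perms` and `r_file_perms`, but the only denial quoted for this change is `{ search }` on the directory, so debuggerd gains open/read on the relro files without evidence that it needs them. If the crash path only stats the mapped file, `allow debuggerd shared_relro_file:dir search;` and `allow debuggerd shared_relro_file:file getattr;` should be enough; this is inferred from the single logged AVC, so confirm by re-running a WebView crash in permissive or enforcing mode and widening only on further denials. The rules also have no comment, unlike the `# Access app library` group below them; something like `# Stat WebView shared relro files mapped into crashing processes (b/17101854)` would record why the access exists.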
-- 
GitLab