From e03626021e341b48665ae55a34493cafafd1a08d Mon Sep 17 00:00:00 2001
From: Geremy Condra <gcondra@google.com>
Date: Tue, 27 Aug 2013 18:47:08 -0700
Subject: [PATCH] Add capabilities to Zygote to fix valgrind.

Bug: 10455872
Change-Id: I98885e8cd1e4f9ab0d3e2af6d79b078a000db539
---
 zygote.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/zygote.te b/zygote.te
index 6fb17251a..9a5bc4b67 100644
--- a/zygote.te
+++ b/zygote.te
@@ -11,6 +11,9 @@ allow zygote self:capability setpcap;
 # Switch SELinux context to app domains.
 allow zygote system:process dyntransition;
 allow zygote appdomain:process dyntransition;
+# Allow zygote to read app data dirs (b/10455872)
+allow zygote appdomain:dir search;
+allow zygote appdomain:file { r_file_perms };
 # Move children into the peer process group.
 allow zygote system:process { getpgid setpgid };
 allow zygote appdomain:process { getpgid setpgid };
-- 
GitLab