From 80aaf85eedf1274953a2cfd3c393935871fb9b75 Mon Sep 17 00:00:00 2001
From: Nicolas Geoffray
Date: Thu, 30 Jan 2020 21:24:20 +0000
Subject: [PATCH] Add getattr access on tmpfs_zygote files for webview_zygote.

webview_zygote inherits tmpfs files from zygote and needs to stat them after fork.
Bug: 138851227
Test: run walleye_jitzygote config, fork webview_zygote.
Change-Id: I092b942c0426f3f5731536ae9f2f5886a9196d3d
---
 private/webview_zygote.te | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/private/webview_zygote.te b/private/webview_zygote.te
index c618253e5..969ab9cc9 100644
--- a/private/webview_zygote.te
+++ b/private/webview_zygote.te
@@ -64,8 +64,8 @@ selinux_check_access(webview_zygote)
 # Directory listing in /system.
 allow webview_zygote system_file:dir r_dir_perms;
-# Read system properties managed by zygote.
-allow webview_zygote zygote_tmpfs:file read;
+# Read and inspect temporary files (like system properties) managed by zygote.
+allow webview_zygote zygote_tmpfs:file { read getattr };
 # Child of zygote.
 allow webview_zygote zygote:fd use;
 allow webview_zygote zygote:process sigchld;
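Review bot: The new comment above the `zygote_tmpfs:file` rule says "inspect temporary files" but does not record why `getattr` is needed or what the rule leaves out, which is what a later policy audit will look for. The commit message gives the reason (files inherited from zygote are stat'ed after fork), so I would carry it into the policy: `# Read and stat tmpfs files inherited from zygote across fork (e.g. system properties); this rule grants no open, write or execute.` The grant applies to every file labelled `zygote_tmpfs`, not only the property area; whether other files carry that label is not visible in this hunk, so it is worth confirming that stat access to all of them is intended. The policy file continues outside the hunk.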