crash_dump: allow read of APK files.

Fixes type=1400 audit(0.0:3901): avc: denied { open } for comm="crash_dump32" path="/data/app/com.chrome.canary-H8gGiCrQUqTZha2IybgrlA==/base.apk" dev="sda35" ino=1384523 scontext=u:r:crash_dump:s0:c522,c768 tcontext=u:object_r:apk_data_file:s0 tclass=file permissive=1 Bug: http://b/34978531 Change-Id: I0374145f71059c3f104055bf4e8dcf08b1101f2a
2017-02-14 16:05:36 -08:00 · 2017-02-14 16:05:36 -08:00 · 437d1c0534
commit 437d1c0534
parent fb6783391e
1 changed files with 3 additions and 0 deletions
--- a/public/crash_dump.te
+++ b/public/crash_dump.te
@ -28,6 +28,9 @@ allow crash_dump exec_type:file r_file_perms;
 allow crash_dump dalvikcache_data_file:dir { search getattr };
 allow crash_dump dalvikcache_data_file:file r_file_perms;

+# Read APK files.
+r_dir_file(crash_dump, apk_data_file);
+
 # Talk to tombstoned
 unix_socket_connect(crash_dump, tombstoned_crash, tombstoned)