isolated_app: allow app_data_file lock

Chrome's WebSQL implementation works by running sqlite in the sandboxed renderer process, and sqlite expects to be able to call flock() on the database file. Bug: 20134929 Change-Id: Id33a2cd19b779144662056c6f3aba3365b0a2a54
2015-04-09 09:55:12 -07:00 · 2015-04-09 09:55:12 -07:00 · 53c84ed4f0
commit 53c84ed4f0
parent 186c82ff46
1 changed files with 1 additions and 1 deletions
--- a/isolated_app.te
+++ b/isolated_app.te
@ -13,7 +13,7 @@ type isolated_app, domain;
 app_domain(isolated_app)

 # Access already open app data files received over Binder or local socket IPC.
-allow isolated_app app_data_file:file { read write getattr };
+allow isolated_app app_data_file:file { read write getattr lock };

 allow isolated_app activity_service:service_manager find;
 allow isolated_app display_service:service_manager find;