From 9ea8c0701d162ec40d30b079778723d908e0edca Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Wed, 6 Feb 2019 13:19:19 -0800
Subject: [PATCH] allow untrusted_app_all system_linker_exec:file
 execute_no_trans

Chrome Crashpad uses the the dynamic linker to load native executables
from an APK (b/112050209, crbug.com/928422)

Addresses the following denial:

  avc: denied { execute_no_trans } for comm="Chrome_IOThread" path="/bionic/bin/linker" dev="loop5" ino=24 scontext=u:r:untrusted_app_27:s0:c106,c256,c512,c768 tcontext=u:object_r:system_linker_exec:s0 tclass=file permissive=0 app=com.android.chrome

Test: compiles and builds.
Change-Id: I14f80592a74c36754c28313e94399258b2c42170
---
 private/untrusted_app_all.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/private/untrusted_app_all.te b/private/untrusted_app_all.te
index 2d07ecd1f..f1419b9f5 100644
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te
@@ -25,6 +25,10 @@
 allow untrusted_app_all privapp_data_file:file { r_file_perms execute };
 allow untrusted_app_all app_data_file:file     { r_file_perms execute };
 
+# Chrome Crashpad uses the the dynamic linker to load native executables
+# from an APK (b/112050209, crbug.com/928422)
+allow untrusted_app_all system_linker_exec:file execute_no_trans;
+
 # Follow priv-app symlinks. This is used for dynamite functionality.
 allow untrusted_app_all privapp_data_file:lnk_file r_file_perms;