Allow app_zygote to read zygote_tmpfs.

app_zygote inherits tmpfs files from zygote, and needs to be able to
stat them after fork.

Bug: 192634726
Bug: 192572973
Bug: 119800099
Test: forrest
Ignore-AOSP-First: cherry pick of https://r.android.com/1753279
Change-Id: I6ddf433dbbf4a894fcb6d35c0cb723444d360e47
Martijn Coenen 2021-07-01 22:07:32 +02:00 committed by Orion Hodson
parent ae1b59975a
commit 67db7e2d88
2 changed files with 6 additions and 0 deletions

@ -41,6 +41,9 @@ selinux_check_context(app_zygote)
# Check SELinux permissions. # Check SELinux permissions.
selinux_check_access(app_zygote) selinux_check_access(app_zygote)
# Read and inspect temporary files managed by zygote.
allow app_zygote zygote_tmpfs:file { read getattr };
###### ######
###### Policy below is shared with regular zygote-spawned apps ###### Policy below is shared with regular zygote-spawned apps
###### ######
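Review bot: the comment above the added `allow app_zygote zygote_tmpfs:file { read getattr };` rule says the files are "managed by zygote" but not why app_zygote needs them. The commit message has the reason (the files are inherited from zygote and have to be stat-able after fork); put that in the policy comment so the rule can be audited without the commit log. It is also worth stating there that `open` and `write` are left out on purpose, so app_zygote cannot open zygote_tmpfs files itself or modify them.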

@ -41,6 +41,9 @@ selinux_check_context(app_zygote)
# Check SELinux permissions. # Check SELinux permissions.
selinux_check_access(app_zygote) selinux_check_access(app_zygote)
# Read and inspect temporary files managed by zygote.
allow app_zygote zygote_tmpfs:file { read getattr };
###### ######
###### Policy below is shared with regular zygote-spawned apps ###### Policy below is shared with regular zygote-spawned apps
###### ######
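Review bot: the rule added here is a copy of the one in the other changed file, at the same position (41,6 to 41,9), and the commit message does not say why two files carry the same policy text. Name both files and how they relate in the message, so a later edit to one copy is not made without the other. The message body also justifies only `getattr` (the stat after fork), while the subject line and the rule include `read`; say which access needs `read`.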