Merge "Allow app_zygote to read zygote_tmpfs."

2021-07-05 09:10:23 +00:00 · 2021-07-05 09:10:23 +00:00 · 829f582107
commit 829f582107
parent 6ab599ec46 57907a87dc
1 changed files with 3 additions and 0 deletions
--- a/private/app_zygote.te
+++ b/private/app_zygote.te
@ -41,6 +41,9 @@ selinux_check_context(app_zygote)
 # Check SELinux permissions.
 selinux_check_access(app_zygote)

+# Read and inspect temporary files managed by zygote.
+allow app_zygote zygote_tmpfs:file { read getattr };
+
 ######
 ###### Policy below is shared with regular zygote-spawned apps
 ######