DO NOT MERGE. Allow debuggerd read access to shared_relro files.
Addresses the following denial when debuggerd attempts to stat Webview mmap'd
shared relro files on process crash. Full read permissions may not be necessary:
W/debuggerd( 185): type=1400 audit(0.0:97): avc: denied { search } for name="shared_relro" dev="mmcblk0p28" ino=618955 scontext=u:r:debuggerd:s0 tcontext=u:object_r:shared_relro_file:s0 tclass=dir
Bug: 17101854
Change-Id: I11eea85668ba033c554e5aab99b70a454fb75164
This commit is contained in:
dcashman
parent
9a725b284e
commit
85f255b8e6
1 changed files with 2 additions and 0 deletions
|
|
@ -16,6 +16,8 @@ allow debuggerd system_data_file:dir relabelfrom;
|
|||
allow debuggerd tombstone_data_file:dir relabelto;
|
||||
allow debuggerd tombstone_data_file:dir create_dir_perms;
|
||||
allow debuggerd tombstone_data_file:file create_file_perms;
|
||||
allow debuggerd shared_relro_file:dir r_dir_perms;
|
||||
allow debuggerd shared_relro_file:file r_file_perms;
|
||||
allow debuggerd domain:process { sigstop signal };
|
||||
allow debuggerd exec_type:file r_file_perms;
|
||||
# Access app library
|
||||
|
|
|
|||
Loading…
Reference in a new issue