From 85f255b8e6a30f7e40fd70bccf51d8138be5d0ba Mon Sep 17 00:00:00 2001
From: dcashman <dcashman@google.com>
Date: Mon, 18 Aug 2014 17:09:38 -0700
Subject: [PATCH] DO NOT MERGE. Allow debuggerd read access to shared_relro
 files.

Addresses the following denial when debuggerd attempts to stat Webview mmap'd
shared relro files on process crash.  Full read permissions may not be necessary:

W/debuggerd(  185): type=1400 audit(0.0:97): avc: denied { search } for name="shared_relro" dev="mmcblk0p28" ino=618955 scontext=u:r:debuggerd:s0 tcontext=u:object_r:shared_relro_file:s0 tclass=dir

Bug: 17101854
Change-Id: I11eea85668ba033c554e5aab99b70a454fb75164
---
 debuggerd.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/debuggerd.te b/debuggerd.te
index 6bbeac4a6..16f4cbedf 100644
--- a/debuggerd.te
+++ b/debuggerd.te
@@ -16,6 +16,8 @@ allow debuggerd system_data_file:dir relabelfrom;
 allow debuggerd tombstone_data_file:dir relabelto;
 allow debuggerd tombstone_data_file:dir create_dir_perms;
 allow debuggerd tombstone_data_file:file create_file_perms;
+allow debuggerd shared_relro_file:dir r_dir_perms;
+allow debuggerd shared_relro_file:file r_file_perms;
 allow debuggerd domain:process { sigstop signal };
 allow debuggerd exec_type:file r_file_perms;
 # Access app library