Allow dumpstate to read symlink under dalvik-cache
This fixes the following policy violation:
avc: denied { read } pid=30295 comm="app_process"
tcontext=u:object_r:dalvikcache_data_file:s0
scontext=u:r:dumpstate:s0 tclass=lnk_file
permissive=0 ppid=26813 pcomm="dumpstate"
pgid=26813 pgcomm="dumpstate"
See 0e32726 in app.te for a symmetrical
change.
Change-Id: Iecbccd5fd0046ec193f08b26f9db618dee7a80c1
This commit is contained in:
Kazuki Nakayama
Johan Redestig
parent
983e2afe65
commit
9103c9751c
1 changed files with 1 additions and 0 deletions
|
|
@ -88,6 +88,7 @@ allow dumpstate dumpstate_tmpfs:file execute;
|
|||
allow dumpstate self:process execmem;
|
||||
# For art.
|
||||
allow dumpstate dalvikcache_data_file:file execute;
|
||||
allow dumpstate dalvikcache_data_file:lnk_file r_file_perms;
|
||||
|
||||
# Dumpstate calls screencap, which grabs a screenshot. Needs gpu access
|
||||
allow dumpstate gpu_device:chr_file rw_file_perms;
|
||||
|
|
|
|||
Loading…
Reference in a new issue