Allow webview_zygote to "search" vendor apex dirs

Now, root dir and apex_manifest.pb of vendor apex mounts are labelled as vendor_apex_metadata_file. For webview_zygote to read overlays from vendor apexes it needs to be allowed to "search" the roots of vendor apexes. Bug: 286330836 Test: atest CtsWebkitTestCases:android.webkit.cts.WebViewTest#testAddJavascriptInterface Change-Id: I5ea333800221e272a4e678b00326a79a6398c861
2023-06-08 13:17:08 +09:00 · 2023-06-08 13:17:08 +09:00 · f91152af55
commit f91152af55
parent 49b818497f
1 changed files with 3 additions and 0 deletions
--- a/private/webview_zygote.te
+++ b/private/webview_zygote.te
@ -35,6 +35,9 @@ allow webview_zygote dalvikcache_data_file:lnk_file r_file_perms;
 allow webview_zygote { apex_art_data_file dalvikcache_data_file }:file { r_file_perms execute };
 allow webview_zygote apex_module_data_file:dir search;

+# To load overlay from /apex (vendor APEXes)
+allow webview_zygote vendor_apex_metadata_file:dir search;
+
 # Allow webview_zygote to create JIT memory.
 allow webview_zygote self:process execmem;