75a41c5951
The comment in the policy implied this was already the case, but it wasn't actually being used and appears to have been removed. This will now be required by a framework change, so actually add the rule to allow it. Bug: 19061358 Test: verify that WebViewLoader process doesn't die from selinux denial Change-Id: Ib1ed9138a83660ae343e0b665cdfadccdd0c6c97
# shared_relro: domain of the process that creates and updates the shared
# RELRO files which other apps then use.
type shared_relro, domain;

# Writer side of the shared RELRO store. The directory rule uses rw_dir_perms
# and the file rule uses create_file_perms; both permission sets are macros
# defined elsewhere in the policy, not in this file.
# NOTE(review): only the writer is granted access here. Confirm that the
# domains consuming shared_relro_file get read-only access in their own
# policy, since these files are shared with other apps.
allow shared_relro shared_relro_file:dir rw_dir_perms;
allow shared_relro shared_relro_file:file create_file_perms;

# The domain must look up the "activity" and "webviewupdate" services through
# the service manager. Only `find` is granted, on exactly these two service
# types.
allow shared_relro { activity_service webviewupdate_service }:service_manager find;