Allow webview_zygote to read the /data/user/0 symlink.

ART follows the /data/user/0 symlink while loading cache files, leading to: avc: denied { getattr } for comm="webview_zygote" path="/data/user/0" dev="sda35" ino=1310726 scontext=u:r:webview_zygote:s0 tcontext=u:object_r:system_data_file:s0 tclass=lnk_file permissive=0 Allow this access, the same as app and app_zygote do. Bug: 123246126 Test: DeviceBootTest.SELinuxUncheckedDenialBootTest Change-Id: I90faa524e15a17b116a6087a779214f2c2142cc2
2019-04-11 15:30:51 -04:00 · 2019-04-11 15:30:51 -04:00 · d40f7fd9d5
commit d40f7fd9d5
parent a0f998e6de
2 changed files with 2 additions and 1 deletions
--- a/private/bug_map
+++ b/private/bug_map
@ -30,5 +30,4 @@ untrusted_app_27 mnt_user_file dir 118185801
 usbd usbd capability 72472544
 vold system_data_file file 124108085
 vrcore_app mnt_user_file dir 118185801
-webview_zygote system_data_file lnk_file 123246126
 zygote untrusted_app_25 process 77925912
--- a/private/webview_zygote.te
+++ b/private/webview_zygote.te
@ -75,6 +75,8 @@ r_dir_file(webview_zygote, vendor_overlay_file)

 allow webview_zygote same_process_hal_file:file { execute read open getattr map };

+allow webview_zygote system_data_file:lnk_file r_file_perms;
+
 #####
 ##### Neverallow
 #####