Allow webview_zygote to read the /data/user/0 symlink.
ART follows the /data/user/0 symlink while loading cache files, leading to: avc: denied { getattr } for comm="webview_zygote" path="/data/user/0" dev="sda35" ino=1310726 scontext=u:r:webview_zygote:s0 tcontext=u:object_r:system_data_file:s0 tclass=lnk_file permissive=0 Allow this access, the same as app and app_zygote do. Bug: 123246126 Test: DeviceBootTest.SELinuxUncheckedDenialBootTest Change-Id: I90faa524e15a17b116a6087a779214f2c2142cc2
This commit is contained in:
parent
a0f998e6de
commit
d40f7fd9d5
@ -30,5 +30,4 @@ untrusted_app_27 mnt_user_file dir 118185801
|
||||
usbd usbd capability 72472544
|
||||
vold system_data_file file 124108085
|
||||
vrcore_app mnt_user_file dir 118185801
|
||||
webview_zygote system_data_file lnk_file 123246126
|
||||
zygote untrusted_app_25 process 77925912
|
||||
|
@ -75,6 +75,8 @@ r_dir_file(webview_zygote, vendor_overlay_file)
|
||||
|
||||
allow webview_zygote same_process_hal_file:file { execute read open getattr map };
|
||||
|
||||
allow webview_zygote system_data_file:lnk_file r_file_perms;
|
||||
|
||||
#####
|
||||
##### Neverallow
|
||||
#####
|
||||
|
Loading…
Reference in New Issue
Block a user