Add capabilities to Zygote to fix valgrind.

Bug: 10455872 Change-Id: I98885e8cd1e4f9ab0d3e2af6d79b078a000db539
2013-08-27 18:47:08 -07:00 · 2013-08-27 18:47:08 -07:00 · e03626021e
commit e03626021e
parent 29d0d40668
1 changed files with 3 additions and 0 deletions
--- a/zygote.te
+++ b/zygote.te
@ -11,6 +11,9 @@ allow zygote self:capability setpcap;
 # Switch SELinux context to app domains.
 allow zygote system:process dyntransition;
 allow zygote appdomain:process dyntransition;
+# Allow zygote to read app data dirs (b/10455872)
+allow zygote appdomain:dir search;
+allow zygote appdomain:file { r_file_perms };
 # Move children into the peer process group.
 allow zygote system:process { getpgid setpgid };
 allow zygote appdomain:process { getpgid setpgid };