Give Zygote the ability to write app data files.

This fixes another bug encountered while taking bugreports. Bug: 10498304 Change-Id: Ie33e869ccd28c5461f4f3736c078b2a865aa7cdd

Give Zygote the ability to write app data files.
This fixes another bug encountered while taking bugreports. Bug: 10498304 Change-Id: Ie33e869ccd28c5461f4f3736c078b2a865aa7cdd
fc2bd01b · Geremy Condra · 81560733 · fc2bd01b
Commit fc2bd01b authored 11 years ago by Geremy Condra
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

zygote.te zygote.te +2 -2

No files found.
--- a/zygote.te
+++ b/zygote.te
@@ -11,9 +11,9 @@ allow zygote self:capability setpcap;
 # Switch SELinux context to app domains.
 allow zygote system:process dyntransition;
 allow zygote appdomain:process dyntransition;
-# Allow zygote to read app data dirs (b/10455872)
+# Allow zygote to read + write app data dirs (b/10455872 and b/10498304)
 allow zygote appdomain:dir { getattr search };
-allow zygote appdomain:file { r_file_perms };
+allow zygote appdomain:file { r_file_perms write };
 # Move children into the peer process group.
 allow zygote system:process { getpgid setpgid };
 allow zygote appdomain:process { getpgid setpgid };