Skip to content
This repository was archived by the owner on Nov 3, 2021. It is now read-only.

Commit

Permalink
DO NOT MERGE. Allow debuggerd read access to shared_relro files.
Browse files Browse the repository at this point in the history 
Addresses the following denial when debuggerd attempts to stat Webview mmap'd
shared relro files on process crash.  Full read permissions may not be necessary:

W/debuggerd(  185): type=1400 audit(0.0:97): avc: denied { search } for name="shared_relro" dev="mmcblk0p28" ino=618955 scontext=u:r:debuggerd:s0 tcontext=u:object_r:shared_relro_file:s0 tclass=dir

Bug: 17101854
Change-Id: I11eea85668ba033c554e5aab99b70a454fb75164
  • Loading branch information
dcashman committed Aug 19, 2014
1 parent 9a725b2 commit 85f255b
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions debuggerd.te
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,8 @@ allow debuggerd system_data_file:dir relabelfrom;
allow debuggerd tombstone_data_file:dir relabelto;
allow debuggerd tombstone_data_file:dir create_dir_perms;
allow debuggerd tombstone_data_file:file create_file_perms;
allow debuggerd shared_relro_file:dir r_dir_perms;
allow debuggerd shared_relro_file:file r_file_perms;
allow debuggerd domain:process { sigstop signal };
allow debuggerd exec_type:file r_file_perms;
# Access app library
Expand Down

0 comments on commit 85f255b

Please sign in to comment.