Allow the zygote to stat all files it opens. (cherry picked from commit 63203a015c1a86d24bd4440bbecdd5ac57b89d04) bug: 30963384 Change-Id: I62b5ffd43469dbb0bba67e1bb1d3416e7354f9e5

commit: 221938cbee580d0d1627db98f8b74e4d68dbc557 [log] [tgz]
author: Narayan Kamath <narayan@google.com> Tue Aug 23 17:02:57 2016 +0100
committer: Jeff Vander Stoep <jeffv@google.com> Mon Sep 12 15:46:38 2016 -0700
tree: 9b1ca19ef4fc2adc609f60ab14700d67c0ea954b
parent: bff9801521abb36a243131114e70f905fb1238ef [diff]
diff --git a/zygote.te b/zygote.te
index 4708c3b..41b8c07 100644
--- a/zygote.te
+++ b/zygote.te

@@ -40,6 +40,12 @@
 allow zygote cgroup:dir create_dir_perms;
 allow zygote cgroup:{ file lnk_file } r_file_perms;
 allow zygote self:capability sys_admin;
+# Allow zygote to stat the files that it opens. The zygote must
+# be able to inspect them so that it can reopen them on fork
+# if necessary: b/30963384
+allow zygote pmsg_device:chr_file { getattr };
+allow zygote debugfs_trace_marker:file { getattr };
+
 # Check validity of SELinux context before use.
 selinux_check_context(zygote)
 # Check SELinux permissions.
commit	221938cbee580d0d1627db98f8b74e4d68dbc557	[log] [tgz]
author	Narayan Kamath <narayan@google.com>	Tue Aug 23 17:02:57 2016 +0100
committer	Jeff Vander Stoep <jeffv@google.com>	Mon Sep 12 15:46:38 2016 -0700
tree	9b1ca19ef4fc2adc609f60ab14700d67c0ea954b
parent	bff9801521abb36a243131114e70f905fb1238ef [diff]