Allow priv_app system_linker_exec:file execute_no_trans
Chrome Crashpad uses the the dynamic linker to load native executables
from an APK (b/112050209, crbug.com/928422)
We made the equivalent change to untrusted_app_all in
9ea8c0701d162ec40d30b079778723d908e0edca but webview also runs in
priv_app contexts.
Bug: http://b/112050209
Test: treehugger
Change-Id: I19bbadc7f9c9e668e2c6d932c7da24f18e7731bd
diff --git a/private/gmscore_app.te b/private/gmscore_app.te
index ff7444f..10de777 100644
--- a/private/gmscore_app.te
+++ b/private/gmscore_app.te
@@ -75,6 +75,10 @@
# TODO: Tighten (b/112357170)
allow gmscore_app privapp_data_file:file execute;
+# Chrome Crashpad uses the the dynamic linker to load native executables
+# from an APK (b/112050209, crbug.com/928422)
+allow gmscore_app system_linker_exec:file execute_no_trans;
+
allow gmscore_app privapp_data_file:lnk_file create_file_perms;
# /proc access
diff --git a/private/priv_app.te b/private/priv_app.te
index 4b0218e..6ac095b 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -25,6 +25,10 @@
# TODO: Tighten (b/112357170)
allow priv_app privapp_data_file:file execute;
+# Chrome Crashpad uses the the dynamic linker to load native executables
+# from an APK (b/112050209, crbug.com/928422)
+allow priv_app system_linker_exec:file execute_no_trans;
+
allow priv_app privapp_data_file:lnk_file create_file_perms;
# Priv apps can find services that expose both @SystemAPI and normal APIs.