Merge "Allow keystore to read and write keystore.crash_count system property." into sc-dev

commit: 2a5ab822158d71c89ae1727f86f177a92db941e1 [log] [tgz]
author: Hasini Gunasinghe <hasinitg@google.com> Fri Jul 09 00:08:41 2021 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> Fri Jul 09 00:08:41 2021 +0000
tree: 5992860f6bc30c504c8af701e75cbe57c4acb4bd
parent: b03c657b2bd52d6f4092747607f21563a38321ed [diff]
parent: 9fe1532ade1c47068e2c9e840a695288d78ecdc2 [diff]
diff --git a/prebuilts/api/31.0/private/app_zygote.te b/prebuilts/api/31.0/private/app_zygote.te
index cb023ec..004c108 100644
--- a/prebuilts/api/31.0/private/app_zygote.te
+++ b/prebuilts/api/31.0/private/app_zygote.te

@@ -41,6 +41,9 @@
 # Check SELinux permissions.
 selinux_check_access(app_zygote)
 
+# Read and inspect temporary files managed by zygote.
+allow app_zygote zygote_tmpfs:file { read getattr };
+
 ######
 ###### Policy below is shared with regular zygote-spawned apps
 ######

diff --git a/private/app_zygote.te b/private/app_zygote.te
index cb023ec..004c108 100644
--- a/private/app_zygote.te
+++ b/private/app_zygote.te

@@ -41,6 +41,9 @@
 # Check SELinux permissions.
 selinux_check_access(app_zygote)
 
+# Read and inspect temporary files managed by zygote.
+allow app_zygote zygote_tmpfs:file { read getattr };
+
 ######
 ###### Policy below is shared with regular zygote-spawned apps
 ######
commit	2a5ab822158d71c89ae1727f86f177a92db941e1	[log] [tgz]
author	Hasini Gunasinghe <hasinitg@google.com>	Fri Jul 09 00:08:41 2021 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	Fri Jul 09 00:08:41 2021 +0000
tree	5992860f6bc30c504c8af701e75cbe57c4acb4bd
parent	b03c657b2bd52d6f4092747607f21563a38321ed [diff]
parent	9fe1532ade1c47068e2c9e840a695288d78ecdc2 [diff]