profman/debuggerd: allow libart_file:file r_file_perms Addresses the following auditallow spam: avc: granted { read open } for comm="profman" path="/system/lib/libart.so" dev="dm-0" ino=1368 scontext=u:r:profman:s0 tcontext=u:object_r:libart_file:s0 tclass=file avc: granted { read open } for comm="debuggerd64" path="/system/lib64/libart.so" dev="dm-0" ino=1897 scontext=u:r:debuggerd:s0 tcontext=u:object_r:libart_file:s0 tclass=file avc: granted { getattr } for comm="debuggerd64" path="/system/lib64/libart.so" dev="dm-0" ino=1837 scontext=u:r:debuggerd:s0 tcontext=u:object_r:libart_file:s0 tclass=file Test: Policy compiles. Not a tightening of rules. Change-Id: I501b0a6a343c61b3ca6283647a18a9a15deddf2a

commit: 364fd197826ed5e635da4eb130d2e34576ea4ef3 [log] [tgz]
author: Nick Kralevich <nnk@google.com> Tue Nov 08 09:08:55 2016 -0800
committer: Nick Kralevich <nnk@google.com> Tue Nov 08 09:28:28 2016 -0800
tree: 2c1a8792ed2d7694480d595dd4c4508efcdaf2f3
parent: 9785f2addd24282370b5158abb1d5640e1738219 [diff] [blame]
diff --git a/public/debuggerd.te b/public/debuggerd.te
index da1314a..33f8878 100644
--- a/public/debuggerd.te
+++ b/public/debuggerd.te

@@ -23,7 +23,7 @@
 allow debuggerd shared_relro_file:dir r_dir_perms;
 allow debuggerd shared_relro_file:file r_file_perms;
 allow debuggerd domain:process { sigstop sigkill signal };
-allow debuggerd exec_type:file r_file_perms;
+allow debuggerd { exec_type libart_file }:file r_file_perms;
 # Access app library
 allow debuggerd system_data_file:file open;
 # Allow debuggerd to redirect a dump_backtrace request to itself.
commit	364fd197826ed5e635da4eb130d2e34576ea4ef3	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Tue Nov 08 09:08:55 2016 -0800
committer	Nick Kralevich <nnk@google.com>	Tue Nov 08 09:28:28 2016 -0800
tree	2c1a8792ed2d7694480d595dd4c4508efcdaf2f3
parent	9785f2addd24282370b5158abb1d5640e1738219 [diff] [blame]