Merge "Add getattr access on tmpfs_zygote files for webview_zygote."

commit: 89946d7e1ba3f31a5e38e1ed16b43fea72d6a689 [log] [tgz]
author: Nicolas Geoffray <ngeoffray@google.com> Fri Jan 31 08:09:05 2020 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Fri Jan 31 08:09:05 2020 +0000
tree: 226ef1e92ea9d50eae7e030126251d4fb5f48c84
parent: 499e0173b5d834f0d548284f92e350a83274465e [diff]
parent: 80aaf85eedf1274953a2cfd3c393935871fb9b75 [diff]
diff --git a/private/webview_zygote.te b/private/webview_zygote.te
index c618253..969ab9c 100644
--- a/private/webview_zygote.te
+++ b/private/webview_zygote.te

@@ -64,8 +64,8 @@
 # Directory listing in /system.
 allow webview_zygote system_file:dir r_dir_perms;
 
-# Read system properties managed by zygote.
-allow webview_zygote zygote_tmpfs:file read;
+# Read and inspect temporary files (like system properties) managed by zygote.
+allow webview_zygote zygote_tmpfs:file { read getattr };
 # Child of zygote.
 allow webview_zygote zygote:fd use;
 allow webview_zygote zygote:process sigchld;
commit	89946d7e1ba3f31a5e38e1ed16b43fea72d6a689	[log] [tgz]
author	Nicolas Geoffray <ngeoffray@google.com>	Fri Jan 31 08:09:05 2020 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Fri Jan 31 08:09:05 2020 +0000
tree	226ef1e92ea9d50eae7e030126251d4fb5f48c84
parent	499e0173b5d834f0d548284f92e350a83274465e [diff]
parent	80aaf85eedf1274953a2cfd3c393935871fb9b75 [diff]