allow untrusted_app_all system_linker_exec:file execute_no_trans
Chrome Crashpad uses the the dynamic linker to load native executables
from an APK (b/112050209, crbug.com/928422)
Addresses the following denial:
avc: denied { execute_no_trans } for comm="Chrome_IOThread" path="/bionic/bin/linker" dev="loop5" ino=24 scontext=u:r:untrusted_app_27:s0:c106,c256,c512,c768 tcontext=u:object_r:system_linker_exec:s0 tclass=file permissive=0 app=com.android.chrome
Test: compiles and builds.
Change-Id: I14f80592a74c36754c28313e94399258b2c42170
diff --git a/private/untrusted_app_all.te b/private/untrusted_app_all.te
index 2d07ecd..f1419b9 100644
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te
@@ -25,6 +25,10 @@
allow untrusted_app_all privapp_data_file:file { r_file_perms execute };
allow untrusted_app_all app_data_file:file { r_file_perms execute };
+# Chrome Crashpad uses the the dynamic linker to load native executables
+# from an APK (b/112050209, crbug.com/928422)
+allow untrusted_app_all system_linker_exec:file execute_no_trans;
+
# Follow priv-app symlinks. This is used for dynamite functionality.
allow untrusted_app_all privapp_data_file:lnk_file r_file_perms;