Let apps read tombstones given to them.
Bug: http://b/159164105
Test: atest CtsNativeTombstoneTestCases
Change-Id: I278c7ab815bb044b939afeb1f8a5ae37ec2f4c91
diff --git a/private/app.te b/private/app.te
index 710b94d..2ade955 100644
--- a/private/app.te
+++ b/private/app.te
@@ -74,6 +74,11 @@
# Allow APFE device info to read Virtual A/B props.
get_prop(appdomain, virtual_ab_prop)
+# Allow access to tombstones if an fd to one is given to you.
+# This is restricted by unix permissions, so an app must go through system_server to get one.
+allow appdomain tombstone_data_file:file { getattr read };
+neverallow appdomain tombstone_data_file:file ~{ getattr read };
+
# Sensitive app domains are not allowed to execute from /data
# to prevent persistence attacks and ensure all code is executed
# from read-only locations.
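Review bot: The comment above the new `allow appdomain tombstone_data_file:file { getattr read };` credits only unix permissions for the restriction, but the SELinux side is that `open` is left out of the permission set and the `neverallow` on the following line pins that. Saying so would stop a later change from adding `open` as a convenience, for example `# No open permission: an app can only use an fd handed to it by system_server, never open a tombstone by path.` The rule is granted to the whole `appdomain` attribute, so presumably every app domain, including the more tightly confined ones, may read a tombstone fd it is passed. Whether all of them should is not visible from this hunk and is worth confirming, since tombstones can carry memory and register contents of the crashed process. The `neverallow` covers only the `file` class, so directory access to `tombstone_data_file` has to be constrained elsewhere in the policy.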