From 3588ddd06d0a7514b43ac52d2ab85761454ee5aa Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Tue, 2 Jan 2018 13:15:16 -0800
Subject: [PATCH] webview_zygote: allow listing dirs in /system

For consistency with zygote, allow webview_zygote to list directories
in /system.

Test: Boot Taimen. Verify webiew_zygote denials during boot.
Bug: 70857705
Change-Id: I27eb18c377a5240d7430abf301c1c3af61704d59
---
 private/webview_zygote.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/private/webview_zygote.te b/private/webview_zygote.te
index f85d40cdb..7a11275d5 100644
--- a/private/webview_zygote.te
+++ b/private/webview_zygote.te
@@ -54,6 +54,9 @@ selinux_check_context(webview_zygote)
 # Check SELinux permissions.
 selinux_check_access(webview_zygote)
 
+# Directory listing in /system.
+allow zygote system_file:dir r_dir_perms;
+
 #####
 ##### Neverallow
 #####
-- 
GitLab