From 437d1c0534e68b05cc34f9872995caba16fb1d67 Mon Sep 17 00:00:00 2001
From: Josh Gao <jmgao@google.com>
Date: Tue, 14 Feb 2017 16:05:36 -0800
Subject: [PATCH] crash_dump: allow read of APK files.

Fixes type=1400 audit(0.0:3901): avc: denied { open } for comm="crash_dump32" path="/data/app/com.chrome.canary-H8gGiCrQUqTZha2IybgrlA==/base.apk" dev="sda35" ino=1384523 scontext=u:r:crash_dump:s0:c522,c768 tcontext=u:object_r:apk_data_file:s0 tclass=file permissive=1

Bug: http://b/34978531
Change-Id: I0374145f71059c3f104055bf4e8dcf08b1101f2a
---
 public/crash_dump.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/public/crash_dump.te b/public/crash_dump.te
index e1327e49e..a4e903b6c 100644
--- a/public/crash_dump.te
+++ b/public/crash_dump.te
@@ -28,6 +28,9 @@ allow crash_dump exec_type:file r_file_perms;
 allow crash_dump dalvikcache_data_file:dir { search getattr };
 allow crash_dump dalvikcache_data_file:file r_file_perms;
 
+# Read APK files.
+r_dir_file(crash_dump, apk_data_file);
+
 # Talk to tombstoned
 unix_socket_connect(crash_dump, tombstoned_crash, tombstoned)
 
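Review bot: The added `r_dir_file(crash_dump, apk_data_file);` grants more than the denial quoted in the commit message calls for, which is only `{ open }` on an `apk_data_file` file. Assuming the usual te_macros definition (not visible in this patch), the macro also allows reading and listing `apk_data_file` directories and reading symlinks of that type, so crash_dump could enumerate installed app directories. The dalvikcache rules directly above use a narrower pattern that would fit here as well: `allow crash_dump apk_data_file:dir { search getattr };` and `allow crash_dump apk_data_file:file r_file_perms;`. Separately, the trailing `;` after the macro call is inconsistent with `unix_socket_connect(...)` two lines below and would expand to an empty statement; dropping it keeps the file uniform.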
-- 
GitLab