From a60342b7a4210e70782384b2d0b51bbe2afb3a63 Mon Sep 17 00:00:00 2001
From: Narayan Kamath <narayan@google.com>
Date: Tue, 23 Aug 2016 17:02:57 +0100
Subject: [PATCH] Allow the zygote to stat all files it opens.

bug: 30963384

(cherry picked from commit 63203a015c1a86d24bd4440bbecdd5ac57b89d04)

Change-Id: Ifa4b9a645f8edcf51e3f025316106e5b65a4790d
---
 zygote.te | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/zygote.te b/zygote.te
index 89dccfcf7..3de9f4068 100644
--- a/zygote.te
+++ b/zygote.te
@@ -39,6 +39,12 @@ allow zygote dex2oat_exec:file rx_file_perms;
 # Control cgroups.
 allow zygote cgroup:dir create_dir_perms;
 allow zygote self:capability sys_admin;
+# Allow zygote to stat the files that it opens. The zygote must
+# be able to inspect them so that it can reopen them on fork
+# if necessary: b/30963384
+allow zygote pmsg_device:chr_file { getattr };
+allow zygote debugfs_trace_marker:file { getattr };
+
 # Check validity of SELinux context before use.
 selinux_check_context(zygote)
 # Check SELinux permissions.
-- 
GitLab