commit 37d732df161277097fb91ac16d361763367f4578
author Treehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com> Thu Feb 22 09:48:10 2024 +0000
committer Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Thu Feb 22 09:48:10 2024 +0000
tree 63007252651393a396173d62ab76e70b9e806b30
parent 0fd0b9fcdb029164ea08aca0fad33e6f13c1461b
parent 444ca3ef45670c62e7094133afb3ccc324ae4a82

Merge "Reland "[res] Allow accessing idmap files in all zygotes"" into main am: b4d6657a5c am: 444ca3ef45

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2970351

Change-Id: I4d7eced02efdead75dad6637d6a6bc012704934c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

private/app_zygote.te

diff --git a/private/app_zygote.te b/private/app_zygote.te
index e3869cd..b51f633 100644
--- a/private/app_zygote.te
+++ b/private/app_zygote.te
@@ -93,6 +93,10 @@
 # Allow app_zygote to access odsign verification status
 get_prop(app_zygote, odsign_prop)
 
+# /data/resource-cache
+allow app_zygote resourcecache_data_file:file r_file_perms;
+allow app_zygote resourcecache_data_file:dir r_dir_perms;
+
 #####
 ##### Neverallow
 #####

private/webview_zygote.te

diff --git a/private/webview_zygote.te b/private/webview_zygote.te
index 0556950..1e32c1f 100644
--- a/private/webview_zygote.te
+++ b/private/webview_zygote.te
@@ -93,6 +93,10 @@
 # Allow webview_zygote to access odsign verification status
 get_prop(zygote, odsign_prop)
 
+# /data/resource-cache
+allow webview_zygote resourcecache_data_file:file r_file_perms;
+allow webview_zygote resourcecache_data_file:dir r_dir_perms;
+
 #####
 ##### Neverallow
 #####