Closed Surendrajat closed 1 year ago
Wow, great find, thanks! Yes, I'm very happy to include this, that makes good sense.
Out of interest, do you know under which conditions SELinux enforces this? I haven't seen it on my test devices, but it does neatly explain some occasional real user issues like this bug you linked, and I've definitely seen the same issue elsewhere (the CA certs we inject require a similar setting).
@pimterry SELinux policy for files in /data/local/ is more restrictive by default unless your device meets one of the following scenarios:
- userdebug/eng + /data/local/tmp/chrome-command-line is present (source)
- command_line_on_non_rooted_enabled flag is set to true (as you recommended in https://github.com/httptoolkit/httptoolkit/issues/325) + /data/local/tmp/chrome-command-line is present

As a side note, please do test this before merging as I've only tested this manually (via adb) & in some internal product yet.
Tested, this all looks good to me! Merged, I'll ship this out in the next release, watch this space.
awesome!
fixes https://github.com/httptoolkit/httptoolkit/issues/325
Turns out Chrome tries to read the chrome-command-line file from /data/local/ (unless ROM is userdebug and /data/local/tmp/chrome-command-line is present - ref) and fails due to the following SELinux error:

This only happens when SELinux is Enforcing and simply updating SELinux context of /data/local/tmp/chrome-command-line to u:object_r:shell_data_file:s0 (which is the context of files in /data/local/tmp/) should solve this issue.
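
Added example, not part of the PR or the httptoolkit code: a shell check that takes captured getenforce and ls -Z output and decides whether the flags file still needs the context change described above. The sample listing lines are constructed, and using chcon to apply the label is an assumption.

```shell
#!/bin/sh
# Added example (not from the PR): decide from captured device output whether
# the Chrome flags file needs relabelling.
WANT='u:object_r:shell_data_file:s0'   # context named in the PR description

# Print the first user:role:type:level token of an `ls -Z` or `ls -lZ` line.
context_of() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^[^:]+:[^:]+:[^:]+:[^:]+/) { print $i; exit }
    }'
}

# plan_for <getenforce output> <ls -Z line>  ->  skip | unknown | ok | relabel
plan_for() {
    mode=$1
    ctx=$(context_of "$2")
    if [ "$mode" != "Enforcing" ]; then
        echo skip          # the PR ties the failure to Enforcing mode only
    elif [ -z "$ctx" ]; then
        echo unknown       # no label in the listing (e.g. "?" or file missing)
    elif [ "$ctx" = "$WANT" ]; then
        echo ok
    else
        echo relabel
    fi
}

# Command to apply when plan_for says "relabel" (chcon use is an assumption).
relabel_cmd() {
    printf 'adb shell chcon %s %s\n' "$WANT" "$1"
}

# Constructed samples; on a real device capture them with:
#   adb shell getenforce ; adb shell ls -Z /data/local/tmp/chrome-command-line
FILE=/data/local/tmp/chrome-command-line
SAMPLE_BAD="u:object_r:system_data_file:s0 $FILE"
SAMPLE_GOOD="-rw-r--r-- 1 shell shell $WANT 52 2023-05-01 12:00 $FILE"

for line in "$SAMPLE_BAD" "$SAMPLE_GOOD"; do
    echo "Enforcing: $(plan_for Enforcing "$line")"
done
relabel_cmd "$FILE"
```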