Let key-manager read test app /proc

Key-manager needs it to access /proc/<pid> in
security_manager_get_app_owner_uid().

Change-Id: Ic82dceeed8a310b40b8608007a90f08550d8556f

diff --git a/src/ckm/privileged/scoped-app-context.cpp b/src/ckm/privileged/scoped-app-context.cpp
index f19ac9e5aa27be3b17a0c913cdba3a9b7953a2e0..517f63b4b0308518f0f12796f5e17a9a03642c5d 100644 (file)
--- a/src/ckm/privileged/scoped-app-context.cpp
+++ b/src/ckm/privileged/scoped-app-context.cpp
@@ -33,7 +33,7 @@ ScopedAppContext::ScopedAppContext(const std::string& owner, uid_t user, gid_t g
     , m_oldUser(geteuid())
     , m_oldGroup(getegid())
 {
-    m_context.allowAccessFrom("System", "w");
+    m_context.allowAccessFrom("System", "rw"); // r needed to access client's /proc/<pid>/
     m_context.allowAccessTo("System", "w");
     m_context.allowAccessTo("System::Run", "wx"); // Necessary for logging with journald