Explicitly allow system_server to (m)map data files
Linux kernel 4.14+ SELinux starts explicit map permission check for file mmap operations. Add this permission to system_server for data file access, which is used in scenarios such as "adb install" of APKs.

test: no longer see SELinux map denial on "adb install"
Change-Id: Id6016dd0b3f15dfdb0f02509ea812dee61ac78ed
parent c8ed855ede
commit 383471c267
1 changed files with 1 additions and 1 deletions
@ -481,7 +481,7 @@ allow system_server {
shell_data_file
app_data_file
privapp_data_file
}:file { getattr read write append };
}:file { getattr read write append map };
# Access to /data/media for measuring disk usage.
allow system_server media_rw_data_file:dir { search getattr open read };
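Review bot: "map" is added for every type in this set (shell_data_file, app_data_file, privapp_data_file and any types listed above the visible context), while the commit message justifies it only for the "adb install" path and the test line exercises only that case. Because the same rule already grants write, system_server can now hold shared writable mappings over files whose contents are controlled by apps or the shell, so please add a comment above the rule recording which types actually hit the map denial on 4.14+ kernels, and consider moving "map" into a separate allow rule limited to those types. The set still omits execute, which keeps these mappings non-executable; that should stay as it is.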