From 383471c267b6792f1625f8f771d8e0c0b9090300 Mon Sep 17 00:00:00 2001 From: David Ng Date: Wed, 11 Apr 2018 10:43:57 -0700 Subject: [PATCH] Explicitly allow system_server to (m)map data files Linux kernel 4.14+ SELinux starts explicit map permission check for file mmap operations. Add this permission to system_server for data file access, which is used in scenario such as "adb install" of APK's. test: no longer see SELinux map denial on "adb install" Change-Id: Id6016dd0b3f15dfdb0f02509ea812dee61ac78ed
---
private/system_server.te | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/private/system_server.te b/private/system_server.te
index bbd031b49..d1e09be0b 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -481,7 +481,7 @@ allow system_server {
 shell_data_file
 app_data_file
 privapp_data_file
-}:file { getattr read write append };
+}:file { getattr read write append map };
 
 # Access to /data/media for measuring disk usage.
 allow system_server media_rw_data_file:dir { search getattr open read };
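Review bot: The added `map` on the `}:file { getattr read write append map };` line is granted for every type in the set, including `app_data_file` and `privapp_data_file`, while the commit message only cites the "adb install" case. These types hold files that less-trusted domains can rewrite or truncate, so a mapping in system_server can see content change under it or fault on access. If the denial was logged for a single type, a narrower rule such as `allow system_server shell_data_file:file map;` would keep least privilege; which type was denied is not shown here and should be confirmed from the audit log. A comment above the rule, e.g. `# map: checked on mmap() since kernel 4.14; needed for "adb install" of APKs`, would record why it is granted. The type set starts above the hunk, so the grant may cover further types not visible here.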