Merge "Allow app_zygote to map memfd backed memeory as PROT_EXEC" am: c01d3fb36c am: 6c61a71e33 am: 67c9ae04ba
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2623093 Change-Id: Icf8b2ce1f59d6624f1c85aa7ad429d9ee82d72c3 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This commit is contained in:
Dimitry Ivanov
Automerger Merge Worker
commit
38986ba77c
1 changed files with 3 additions and 0 deletions
|
|
@ -20,6 +20,9 @@ allow app_zygote isolated_app:process dyntransition;
|
|||
# For JIT
|
||||
allow app_zygote self:process execmem;
|
||||
|
||||
# Allow exec mapping from tmpfs (memfds) for binary translation
|
||||
allow app_zygote app_zygote_tmpfs:file execute;
|
||||
|
||||
# Allow app_zygote to stat the files that it opens. It must
|
||||
# be able to inspect them so that it can reopen them on fork
|
||||
# if necessary: b/30963384.
|
||||
|
|
|
|||
Loading…
Reference in a new issue