Merge "Allow execmod for apps with targetSdkVersion=26-28" am: 61f28b33a4 am: 7bc1740052

am: ceeee0e4cf

Change-Id: I1476980b7652130dc022080e791a5999f45ebf1e
This commit is contained in:
Jeff Vander Stoep 2019-04-02 20:52:23 -07:00 committed by android-build-merger
commit 3d23317c01
3 changed files with 6 additions and 2 deletions

View file

@ -42,7 +42,7 @@ allow untrusted_app_25 proc_misc:file r_file_perms;
# This will go away in a future Android release
allow untrusted_app_25 proc_tty_drivers:file r_file_perms;
# Text relocation support for API < 23
# Text relocation support for API < 23. This is now disallowed for targetSdkVersion>=Q.
# https://android.googlesource.com/platform/bionic/+/master/android-changes-for-ndk-developers.md#text-relocations-enforced-for-api-level-23
allow untrusted_app_25 { apk_data_file app_data_file asec_public_file }:file execmod;

View file

@ -27,6 +27,10 @@ untrusted_app_domain(untrusted_app_27)
net_domain(untrusted_app_27)
bluetooth_domain(untrusted_app_27)
# Text relocation support for API < 23. This is now disallowed for targetSdkVersion>=Q.
# https://android.googlesource.com/platform/bionic/+/master/android-changes-for-ndk-developers.md#text-relocations-enforced-for-api-level-23
allow untrusted_app_27 { apk_data_file app_data_file asec_public_file }:file execmod;
# The ability to call exec() on files in the apps home directories
# for targetApi 26, 27, and 28.
allow untrusted_app_27 app_data_file:file execute_no_trans;

View file

@ -1118,7 +1118,7 @@ neverallow * self:process { execstack execheap };
# Do not allow the introduction of new execmod rules. Text relocations
# and modification of executable pages are unsafe.
neverallow { domain -untrusted_app_25 } file_type:file execmod;
neverallow { domain -untrusted_app_25 -untrusted_app_27 } file_type:file execmod;
neverallow { domain -init } proc:{ file dir } mounton;