tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

app: allow PROT_EXEC on ashmem objects

Browse source 
This fixes a bug introduced in aosp/1143430 where the permission
should have been included for the newly introduced
ashmem_libcutils_device type.

Test: Build
Bug: 150193534
Change-Id: I5b1ed8d9548f9dab4ad9373f98e21614c07c3d38
This commit is contained in:
Jeff Vander Stoep 2020-02-25 19:37:20 +01:00
parent f173b14363
commit 789ebf03ba
2 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
private/system_server.te
View file

@ -1058,7 +1058,7 @@ neverallow system_server { dev_type -frp_block_device }:blk_file no_rw_file_perm
ifelse(target_requires_insecure_execmem_for_swiftshader, `true',
`allow system_server self:process execmem;',
`neverallow system_server self:process execmem;')
neverallow system_server ashmem_device:chr_file execute;
neverallow system_server { ashmem_device ashmem_libcutils_device }:chr_file execute;
# TODO: deal with tmpfs_domain pub/priv split properly
neverallow system_server system_server_tmpfs:file execute;

2
public/app.te
View file

@ -11,7 +11,7 @@ type appdomain_tmpfs, file_type;
# WebView and other application-specific JIT compilers
allow appdomain self:process execmem;
allow appdomain ashmem_device:chr_file execute;
allow appdomain { ashmem_device ashmem_libcutils_device }:chr_file execute;
# Receive and use open file descriptors inherited from zygote.
allow appdomain zygote:fd use;