Add userfaultfd selinux policy for app_zygote

Like zygote, webview_zygote, add userfaultfd policy for app_zygote as well. Bug: 160737021 Test: manual (use userfaultfd in an app-zygote) Change-Id: I42f558c5b646bb0bd83b81fddfb608567f95c811
2022-03-09 21:43:00 -08:00 · 2022-03-09 21:43:00 -08:00 · b016e51150
commit b016e51150
parent e29df1ec4a
1 changed files with 3 additions and 0 deletions
--- a/private/app_zygote.te
+++ b/private/app_zygote.te
@ -56,6 +56,9 @@ allow app_zygote zygote:process sigchld;
 r_dir_file(app_zygote, dalvikcache_data_file);
 allow app_zygote dalvikcache_data_file:file execute;

+# For ART (allow userfaultfd and related ioctls)
+userfaultfd_use(app_zygote)
+
 # Read /data/misc/apexdata/ to (get to com.android.art/dalvik-cache).
 allow app_zygote apex_module_data_file:dir search;
 # For ART APEX (read /data/misc/apexdata/com.android.art/dalvik-cache).