Merge "sepolicy: Allow system_server to use execmem in emulator builds with software rendering."
am: a1f3cae304
Change-Id: I55b7f80eadadf9872b3bceeebccaab99d30e612b
This commit is contained in:
Peter Collingbourne
android-build-merger
commit
b3b9adcb7f
2 changed files with 7 additions and 1 deletions
|
|
@ -13,6 +13,7 @@ $(hide) $(M4) --fatal-warnings $(PRIVATE_ADDITIONAL_M4DEFS) \
|
|||
-D target_compatible_property=$(PRIVATE_COMPATIBLE_PROPERTY) \
|
||||
-D target_treble_sysprop_neverallow=$(PRIVATE_TREBLE_SYSPROP_NEVERALLOW) \
|
||||
-D target_exclude_build_test=$(PRIVATE_EXCLUDE_BUILD_TEST) \
|
||||
-D target_requires_insecure_execmem_for_swiftshader=$(PRODUCT_REQUIRES_INSECURE_EXECMEM_FOR_SWIFTSHADER) \
|
||||
$(PRIVATE_TGT_RECOVERY) \
|
||||
-s $(PRIVATE_POLICY_FILES) > $@
|
||||
endef
|
||||
|
|
|
|||
|
|
@ -983,7 +983,12 @@ neverallow system_server { dev_type -frp_block_device }:blk_file no_rw_file_perm
|
|||
# system_server should never use JIT functionality
|
||||
# See https://googleprojectzero.blogspot.com/2016/12/bitunmap-attacking-android-ashmem.html
|
||||
# in the section titled "A Short ROP Chain" for why.
|
||||
neverallow system_server self:process execmem;
|
||||
# However, in emulator builds without OpenGL passthrough, we use software
|
||||
# rendering via SwiftShader, which requires JIT support. These builds are
|
||||
# never shipped to users.
|
||||
ifelse(target_requires_insecure_execmem_for_swiftshader, `true',
|
||||
`allow system_server self:process execmem;',
|
||||
`neverallow system_server self:process execmem;')
|
||||
neverallow system_server ashmem_device:chr_file execute;
|
||||
|
||||
# TODO: deal with tmpfs_domain pub/priv split properly
|
||||
|
|
|
|||
Loading…
Reference in a new issue