Remove platform_app from neverallow execute from /data
Apparently some manufacturers sign APKs with the platform key which use renderscript. Renderscript works by compiling the .so file, and placing it in the app's home directory, where the app loads the content. Drop platform_app from the neverallow restriction to allow partners to add rules allowing /data execute for this class of apps. We should revisit this in the future after we have a better solution for apps which use renderscript. Bug: 29857189 Change-Id: I058a802ad5eb2a67e657b6d759a3ef4e21cbb8cc
This commit is contained in:
Nick Kralevich
parent
eedacf8341
commit
c55cf17a6b
1 changed files with 0 additions and 1 deletions
1
app.te
1
app.te
|
|
@ -443,7 +443,6 @@ neverallow {
|
||||||
bluetooth
|
bluetooth
|
||||||
isolated_app
|
isolated_app
|
||||||
nfc
|
nfc
|
||||||
platform_app
|
|
||||||
radio
|
radio
|
||||||
shared_relro
|
shared_relro
|
||||||
system_app
|
system_app
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue