tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "app: allow PROT_EXEC on ashmem objects"

Browse source
This commit is contained in:
Jeffrey Vander Stoep 2020-02-26 18:36:55 +00:00 committed by Gerrit Code Review
commit e2d909ae89
2 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
private/system_server.te
View file

@ -1058,7 +1058,7 @@ neverallow system_server { dev_type -frp_block_device }:blk_file no_rw_file_perm
ifelse(target_requires_insecure_execmem_for_swiftshader, `true',
`allow system_server self:process execmem;',
`neverallow system_server self:process execmem;')
neverallow system_server ashmem_device:chr_file execute;
neverallow system_server { ashmem_device ashmem_libcutils_device }:chr_file execute;
# TODO: deal with tmpfs_domain pub/priv split properly
neverallow system_server system_server_tmpfs:file execute;

2
public/app.te
View file

@ -11,7 +11,7 @@ type appdomain_tmpfs, file_type;
# WebView and other application-specific JIT compilers
allow appdomain self:process execmem;
allow appdomain ashmem_device:chr_file execute;
allow appdomain { ashmem_device ashmem_libcutils_device }:chr_file execute;
# Receive and use open file descriptors inherited from zygote.
allow appdomain zygote:fd use;