From b7c881f89a646e05a964f0713b074d57293ee71f Mon Sep 17 00:00:00 2001
From: Daniel Micay <danielmicay@gmail.com>
Date: Sat, 12 Sep 2015 04:35:44 -0400
Subject: [PATCH] document the non-ART-related reasons for execmem

Change-Id: I455fe33345dd1ae8dc49cb7b70cbf1e7c1b3e271
---
 app.te         | 3 ++-
 mediaserver.te | 2 ++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/app.te b/app.te
index 9431fd1df..37ab9a305 100644
--- a/app.te
+++ b/app.te
@@ -7,8 +7,9 @@
 ### zygote spawned apps should be added here.
 ###
 
-# Dalvik Compiler JIT Mapping.
+# WebView and other application-specific JIT compilers
 allow appdomain self:process execmem;
+
 allow appdomain ashmem_device:chr_file execute;
 
 # Receive and use open file descriptors inherited from zygote.
diff --git a/mediaserver.te b/mediaserver.te
index f38a3ec6f..65438ba89 100644
--- a/mediaserver.te
+++ b/mediaserver.te
@@ -14,7 +14,9 @@ binder_call(mediaserver, binderservicedomain)
 binder_call(mediaserver, appdomain)
 binder_service(mediaserver)
 
+# Required by Widevine DRM (b/22990512)
 allow mediaserver self:process execmem;
+
 allow mediaserver kernel:system module_request;
 allow mediaserver media_data_file:dir create_dir_perms;
 allow mediaserver media_data_file:file create_file_perms;