Reland "sepolicy: fix zygote JIT permissions w.r.t. ashmem"
zygote now allocates JIT memory using libcutils API (aosp/1135101) instead of going to /dev/ashmem directly, which requires execute permissions to ashmem_libcutils_device. Bug: 134434505 Change-Id: I3b5eeac1ec06d8d70da327743174ca83eec6b41c Test: boot crosshatch
This commit is contained in:
Tri Vo
parent
09d9076513
commit
f25025f6ff
1 changed files with 1 additions and 1 deletions
|
|
@ -53,7 +53,7 @@ allow zygote dalvikcache_data_file:file execute;
|
|||
# Allow zygote to create JIT memory.
|
||||
allow zygote self:process execmem;
|
||||
allow zygote zygote_tmpfs:file execute;
|
||||
allow zygote ashmem_device:chr_file execute;
|
||||
allow zygote ashmem_libcutils_device:chr_file execute;
|
||||
|
||||
# Execute idmap and dex2oat within zygote's own domain.
|
||||
# TODO: Should either of these be transitioned to the same domain
|
||||
|
|
|
|||
Loading…
Reference in a new issue