Reland "sepolicy: fix zygote JIT permissions w.r.t. ashmem"

zygote now allocates JIT memory using libcutils API (aosp/1135101)
instead of going to /dev/ashmem directly, which requires execute
permissions to ashmem_libcutils_device.

Bug: 134434505
Change-Id: I3b5eeac1ec06d8d70da327743174ca83eec6b41c
Test: boot crosshatch
Tri Vo 2019-10-15 22:26:56 +00:00
parent 09d9076513
commit f25025f6ff


@ -53,7 +53,7 @@ allow zygote dalvikcache_data_file:file execute;
# Allow zygote to create JIT memory. # Allow zygote to create JIT memory.
allow zygote self:process execmem; allow zygote self:process execmem;
allow zygote zygote_tmpfs:file execute; allow zygote zygote_tmpfs:file execute;
allow zygote ashmem_device:chr_file execute; allow zygote ashmem_libcutils_device:chr_file execute;
# Execute idmap and dex2oat within zygote's own domain. # Execute idmap and dex2oat within zygote's own domain.
# TODO: Should either of these be transitioned to the same domain # TODO: Should either of these be transitioned to the same domain
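Review bot: The changed rule "allow zygote ashmem_libcutils_device:chr_file execute;" sits under the generic "Allow zygote to create JIT memory" comment, with nothing saying why execute is needed on this particular device type. A one-line comment above it stating that JIT memory is now allocated through the libcutils ashmem API would keep the grant from reading as a stray executable-mapping permission in a later policy audit. Because the same line drops the old "ashmem_device:chr_file execute" grant, please also confirm that no remaining zygote code path still maps /dev/ashmem directly as executable; "Test: boot crosshatch" on its own does not show that, and as a reland the message does not say what differs from the first attempt.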