Merge "app: allow PROT_EXEC on ashmem objects" am: e2d909ae89

Change-Id: If7fccd01af17fbd097a12a47596b7199bb276ab0
Automerger Merge Worker 2020-02-26 18:54:21 +00:00
commit 1398f17b5e
2 changed files with 2 additions and 2 deletions


@ -1058,7 +1058,7 @@ neverallow system_server { dev_type -frp_block_device }:blk_file no_rw_file_perm
ifelse(target_requires_insecure_execmem_for_swiftshader, `true',
`allow system_server self:process execmem;',
`neverallow system_server self:process execmem;')
neverallow system_server ashmem_device:chr_file execute;
neverallow system_server { ashmem_device ashmem_libcutils_device }:chr_file execute;
# TODO: deal with tmpfs_domain pub/priv split properly
neverallow system_server system_server_tmpfs:file execute;


@ -11,7 +11,7 @@ type appdomain_tmpfs, file_type;
# WebView and other application-specific JIT compilers
allow appdomain self:process execmem;
allow appdomain ashmem_device:chr_file execute;
allow appdomain { ashmem_device ashmem_libcutils_device }:chr_file execute;
# Receive and use open file descriptors inherited from zygote.
allow appdomain zygote:fd use;
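Review bot: The widened rule `allow appdomain { ashmem_device ashmem_libcutils_device }:chr_file execute;` grants execute on a second device node to every appdomain with no comment saying why; the only nearby comment describes the `execmem` rule for JIT compilers. A line above it such as `# Apps may map ashmem regions PROT_EXEC; covers both the legacy and libcutils ashmem device nodes.` would record the intent, going by the commit title. Executable shared-memory mappings are relevant to W^X, so it is worth confirming whether every appdomain needs this or only a narrower set of domains, which cannot be judged from these lines. The system_server `neverallow` in the other file section is extended to the same pair of types, so the two rules stay in step.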