Merge "Allow profman to read from memfd created by artd." into main am: b6a3360ea3
am: 9eed36d267
am: 91ca4a04eb
am: f95122eba0
am: abb28b0f70
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2778047 Change-Id: If18de2b0e14f7427347ef71e923bdac4f43d355b Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This commit is contained in:
commit
50e2efa295
@ -10,3 +10,8 @@ allow profman {
|
||||
|
||||
# Allow profman to use file descriptors passed from privileged programs.
|
||||
allow profman { artd installd }:fd use;
|
||||
|
||||
# Allow profman to read from memfd created by artd.
|
||||
# profman needs to read the embedded profile that artd extracts from an APK,
|
||||
# which is passed by a memfd.
|
||||
allow profman artd_tmpfs:file { getattr read map lock };
|
||||
|
Loading…
Reference in New Issue
Block a user