Temporarily add auditing of execmod by apps.

This is so we can get data on which apps are actually doing this. Bug: 111544476 Test: Device boots. No audits seen on test device. Change-Id: I5f72200ed8606775904d353c4d3d790373fe7dea
2018-07-19 17:42:21 +01:00 · 2018-07-19 17:42:21 +01:00 · 708aa90dd2
commit 708aa90dd2
parent 13e60ed1fa
1 changed files with 4 additions and 0 deletions
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te
@ -151,6 +151,10 @@ userdebug_or_eng(`
  }:{ dir file lnk_file } { getattr open read };
 ')

+# Temporary auditing to get data on what apps use execmod.
+# TODO(b/111544476) Remove this and deny the permission if feasible.
+auditallow untrusted_app_all { apk_data_file app_data_file asec_public_file }:file execmod;
+
 # Attempts to write to system_data_file is generally a sign
 # that apps are attempting to access encrypted storage before
 # the ACTION_USER_UNLOCKED intent is delivered. Suppress this