Allow ephemeral_app to execute system_file.
(cherrypicked from commit f2afca7cf0
)
Bug: 109653662
Test: Build policy.
Change-Id: I6c71a8bc24d7a144b801d16f1bcad31fb8f2aba5
Merged-In: I6c71a8bc24d7a144b801d16f1bcad31fb8f2aba5
This commit is contained in:
parent
601b4422ae
commit
8b2c858053
@ -87,7 +87,7 @@ allow appdomain oemfs:file rx_file_perms;
|
||||
# Execute the shell or other system executables.
|
||||
allow { appdomain -ephemeral_app -untrusted_v2_app } shell_exec:file rx_file_perms;
|
||||
allow { appdomain -ephemeral_app -untrusted_v2_app } toolbox_exec:file rx_file_perms;
|
||||
allow { appdomain -ephemeral_app -untrusted_v2_app } system_file:file x_file_perms;
|
||||
allow { appdomain -untrusted_v2_app } system_file:file x_file_perms;
|
||||
not_full_treble(`allow { appdomain -ephemeral_app -untrusted_v2_app } vendor_file:file x_file_perms;')
|
||||
|
||||
# Renderscript needs the ability to read directories on /system
|
||||
|
Loading…
Reference in New Issue
Block a user