PWN-Hunter/android_system_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Allow ephemeral_app to execute system_file.

Browse Source 
(cherrypicked from commit f2afca7cf0)

Bug: 109653662
Test: Build policy.
Change-Id: I6c71a8bc24d7a144b801d16f1bcad31fb8f2aba5
Merged-In: I6c71a8bc24d7a144b801d16f1bcad31fb8f2aba5
This commit is contained in:
Joel Galenson 2018-06-05 17:55:26 -07:00 committed by Nick Kralevich
parent 601b4422ae
commit 8b2c858053
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
public/app.te
View File

@ -87,7 +87,7 @@ allow appdomain oemfs:file rx_file_perms;
# Execute the shell or other system executables.
allow { appdomain -ephemeral_app -untrusted_v2_app } shell_exec:file rx_file_perms;
allow { appdomain -ephemeral_app -untrusted_v2_app } toolbox_exec:file rx_file_perms;
allow { appdomain -ephemeral_app -untrusted_v2_app } system_file:file x_file_perms;
allow { appdomain -untrusted_v2_app } system_file:file x_file_perms;
not_full_treble(`allow { appdomain -ephemeral_app -untrusted_v2_app } vendor_file:file x_file_perms;')
# Renderscript needs the ability to read directories on /system