Merge "Allow profman to read from memfd created by artd." into main am: b6a3360ea3 am: 9eed36d267 am: 91ca4a04eb am: f95122eba0

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2778047

Change-Id: Id717966f8531a3e228fc1deda9fe715579856ff9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
Jiakai Zhang 2023-10-12 17:33:17 +00:00 committed by Automerger Merge Worker
commit abb28b0f70


@ -10,3 +10,8 @@ allow profman {
# Allow profman to use file descriptors passed from privileged programs. # Allow profman to use file descriptors passed from privileged programs.
allow profman { artd installd }:fd use; allow profman { artd installd }:fd use;
# Allow profman to read from memfd created by artd.
# profman needs to read the embedded profile that artd extracts from an APK,
# which is passed by a memfd.
allow profman artd_tmpfs:file { getattr read map lock };
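Review bot: The comment above the new `allow profman artd_tmpfs:file { getattr read map lock };` rule explains why profman needs the memfd, but not that `open`, `write` and `execute` are left out on purpose. A later cleanup that swaps the explicit set for a macro such as `r_file_perms` would add `open` and `ioctl` without anyone noticing the widening. I would add one line to the comment, for example `# Access is read-only and fd-passed only: open, write and execute are intentionally not granted.` The rule also depends on the `allow profman { artd installd }:fd use;` line just above it for the descriptor hand-off, so the two are best kept adjacent. The rest of the file is outside this hunk, so whether a neverallow already pins this down cannot be confirmed from here.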