Allow zygote to access dir/file under /vendor/overlay
http://ag/2070347 doesn't allow zygote to read vendor_overlay_file:file anymore. But zygote isn't transitioned into idmap when executing idmap_exec. So we need to allow zygote to access dir/file under /vendor/overlay to enable idmap_exec run by zygote to read static RRO. Test: building succeeded and tested a static RRO on sailfish device. Bug: 37173452 Change-Id: Iec8a6b31d24c225f7819eeb885305f78da73b8e0
This commit is contained in:
parent
d0e9cb0553
commit
e360791d37
@ -51,9 +51,8 @@ allow { zygote with_dexpreopt(`-zygote') } dalvikcache_data_file:file execute;
|
||||
allow zygote idmap_exec:file rx_file_perms;
|
||||
allow zygote dex2oat_exec:file rx_file_perms;
|
||||
|
||||
# /vendor/overlay existence is checked before
|
||||
# passing it on as an argument to idmap in AssetManager
|
||||
allow zygote vendor_overlay_file:dir { getattr open read search };
|
||||
# Allow apps access to /vendor/overlay
|
||||
r_dir_file(zygote, vendor_overlay_file)
|
||||
|
||||
# Control cgroups.
|
||||
allow zygote cgroup:dir create_dir_perms;
|
||||
|
Loading…
Reference in New Issue
Block a user