Commits

Stephen Smalley  committed 61c7107

Allow execmem and ashmem_device execute as required.

bootanim requires execmem.
bootanim and surfaceflinger requires execute to ashmem_device.

Change-Id: I3b4964c5acd31a44ce81672077c70353a375c072
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

  • Participants
  • Parent commits b855979

Comments (0)

Files changed (3)

File target/board/generic/BoardConfig.mk

 TARGET_USERIMAGES_SPARSE_EXT_DISABLED := true
 
 BOARD_SEPOLICY_DIRS += build/target/board/generic/sepolicy
-BOARD_SEPOLICY_UNION += domain.te surfaceflinger.te
+BOARD_SEPOLICY_UNION += \
+        bootanim.te \
+        domain.te \
+        surfaceflinger.te

File target/board/generic/sepolicy/bootanim.te

+allow bootanim self:process execmem;
+allow bootanim ashmem_device:chr_file execute;

File target/board/generic/sepolicy/surfaceflinger.te

 allow surfaceflinger self:process execmem;
+allow surfaceflinger ashmem_device:chr_file execute;