Merge "sepolicy: allow apps to execute libs embedded inside vendor apk" into oc-dev am: a82c3d57a2 am: 524b0650ce Change-Id: I893d97b9a6383ef1914bfbda43606dfaad6554e4

commit: 003a9b54958235b662d6629ebab63c43f92a4c05 [log] [tgz]
author: Jiyong Park <jiyong@google.com> Wed May 17 10:45:21 2017 +0000
committer: android-build-merger <android-build-merger@google.com> Wed May 17 10:45:21 2017 +0000
tree: 26793eca60a85fd42042f9898d093bcd83621c19
parent: 093bcd99b44b8165fd4337d66fe6495f125f1ee2 [diff]
parent: 524b0650ce9d4e558c54f7c7817eef527edadcbb [diff]
diff --git a/private/app.te b/private/app.te
index 9ede357..1bda9f4 100644
--- a/private/app.te
+++ b/private/app.te

@@ -114,6 +114,7 @@
 # Allow apps access to /vendor/app except for privileged
 # apps which cannot be in /vendor.
 r_dir_file({ appdomain -ephemeral_app -untrusted_v2_app }, vendor_app_file)
+allow { appdomain -ephemeral_app -untrusted_v2_app } vendor_app_file:file execute;
 
 # Allow apps access to /vendor/overlay
 r_dir_file(appdomain, vendor_overlay_file)
commit	003a9b54958235b662d6629ebab63c43f92a4c05	[log] [tgz]
author	Jiyong Park <jiyong@google.com>	Wed May 17 10:45:21 2017 +0000
committer	android-build-merger <android-build-merger@google.com>	Wed May 17 10:45:21 2017 +0000
tree	26793eca60a85fd42042f9898d093bcd83621c19
parent	093bcd99b44b8165fd4337d66fe6495f125f1ee2 [diff]
parent	524b0650ce9d4e558c54f7c7817eef527edadcbb [diff]