Merge "app.te: enable mapping ART apexdata cache executable" am: d82e1e4214 am: b31a754011 am: 27185ceb98
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1688390
Change-Id: Ic3c08a5519501d425f9a3aa10156df29717f1599
diff --git a/private/app.te b/private/app.te
index 126f11f..94d24e0 100644
--- a/private/app.te
+++ b/private/app.te
@@ -72,9 +72,9 @@
# Enter /data/misc/apexdata/
allow appdomain apex_module_data_file:dir search;
-# Read /data/misc/apexdata/com.android.art
+# Read /data/misc/apexdata/com.android.art, execute signed AOT artifacts.
allow appdomain apex_art_data_file:dir r_dir_perms;
-allow appdomain apex_art_data_file:file r_file_perms;
+allow appdomain apex_art_data_file:file rx_file_perms;
# Allow access to tombstones if an fd to one is given to you.
# This is restricted by unix permissions, so an app must go through system_server to get one.
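Review bot: `rx_file_perms` on the `apex_art_data_file:file` rule grants more than the executable mapping the commit title asks for: as the macro is defined in AOSP's global_macros, it includes `execute_no_trans` as well as `execute`, so every domain in `appdomain` could also exec() these files directly in its own domain. If apps only need to mmap the artifacts with PROT_EXEC, `allow appdomain apex_art_data_file:file { r_file_perms execute };` would be the narrower grant. The new comment says "signed", but nothing in this rule checks a signature; the guarantee presumably rests on which domains may create or write files with this label. It would help to name that mechanism in the comment and to confirm that a neverallow keeps `appdomain` from writing `apex_art_data_file` (not visible in this hunk).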