ephemeral_app: restore /dev/ashmem open permissions ephemeral_app domain doesn't distinguish between apps that target Q vs ones target pre-Q. Restore ashmem permissions for older apps. Bug: 130054503 Test: start com.nextlatam.augmentedfaces instant app Change-Id: I490323cce96d69e561fc808426a9dfba2aeac30f

commit: 0da2ecda6200d2adb824faa2f7c73f348f4a8620 [log] [tgz]
author: Tri Vo <trong@google.com> Tue Apr 09 11:48:35 2019 -0700
committer: Tri Vo <trong@google.com> Tue Apr 09 11:53:53 2019 -0700
tree: 7b25b218482727f7b7c22900676b05e49fb69767
parent: ba27ad4806d4149013009da45e8efcd0fc799364 [diff] [blame]
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 17f4111..fcdd653 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te

@@ -339,6 +339,7 @@
 # They must use ASharedMemory NDK API instead.
 neverallow {
   all_untrusted_apps
+  -ephemeral_app
   -untrusted_app_25
   -untrusted_app_27
 } ashmem_device:chr_file open;
commit	0da2ecda6200d2adb824faa2f7c73f348f4a8620	[log] [tgz]
author	Tri Vo <trong@google.com>	Tue Apr 09 11:48:35 2019 -0700
committer	Tri Vo <trong@google.com>	Tue Apr 09 11:53:53 2019 -0700
tree	7b25b218482727f7b7c22900676b05e49fb69767
parent	ba27ad4806d4149013009da45e8efcd0fc799364 [diff] [blame]