Merge "Allow zygote to create fds and map executable."

commit: 3a9a6f51c10037a4776e7402a0f2bf87da212274 [log] [tgz]
author: Nicolas Geoffray <ngeoffray@google.com> Tue Jun 18 06:51:39 2019 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Tue Jun 18 06:51:39 2019 +0000
tree: 9d7d26ca3041040bf300118ac9121139ebbd745a
parent: c25272db17e42702fcc5b0b3606d9ba7012c448b [diff]
parent: f77e8c1b0c3935f7f4e8e74a3833b1a1345bf2f1 [diff]
diff --git a/private/zygote.te b/private/zygote.te
index 0466372..cf5a7a3 100644
--- a/private/zygote.te
+++ b/private/zygote.te

@@ -3,6 +3,7 @@
 typeattribute zygote mlstrustedsubject;
 
 init_daemon_domain(zygote)
+tmpfs_domain(zygote)
 
 read_runtime_log_tags(zygote)
 
@@ -51,6 +52,8 @@
 
 # Allow zygote to create JIT memory.
 allow zygote self:process execmem;
+allow zygote zygote_tmpfs:file execute;
+allow zygote ashmem_device:chr_file execute;
 
 # Execute idmap and dex2oat within zygote's own domain.
 # TODO:  Should either of these be transitioned to the same domain
commit	3a9a6f51c10037a4776e7402a0f2bf87da212274	[log] [tgz]
author	Nicolas Geoffray <ngeoffray@google.com>	Tue Jun 18 06:51:39 2019 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Tue Jun 18 06:51:39 2019 +0000
tree	9d7d26ca3041040bf300118ac9121139ebbd745a
parent	c25272db17e42702fcc5b0b3606d9ba7012c448b [diff]
parent	f77e8c1b0c3935f7f4e8e74a3833b1a1345bf2f1 [diff]