isolated_app: allow app_data_file execute

Chrome renderer processes dlopen() a shared library from
gmscore. Open and read on app data file is already allowed,
but execute isn't, so the dlopen() fails. This is a regression
from K, where the dlopen succeeded.

Longer term, there are questions about whether this is appropriate
behavior for an isolated app. For now, allow the behavior.
See the discussion in b/15902433 for details.

Addresses the following denial:

I/auditd ( 5087): type=1400 audit(0.0:76): avc: denied { execute } for comm="CrRendererMain" path="/data/data/com.google.android.gms/files/libAppDataSearchExt_armeabi_v7a.so" dev="mmcblk0p28" ino=83196 scontext=u:r:isolated_app:s0 tcontext=u:object_r:app_data_file:s0 tclass=file

Bug: 15902433
Change-Id: Ie98605d43753be8c31a6fe510ef2dde0bdb52678
1 file changed
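
How the denial quoted in the commit message maps to a policy rule, as an added example that is not part of the commit or of the project's tooling: a small parser, in the spirit of audit2allow, that reads `avc: denied` lines and prints the candidate `allow` statement for review. The function names are hypothetical, and the output is the rule the log line implies, not the contents of the changed file.

```python
import re
from collections import defaultdict

# Denial copied verbatim from the commit message above.
SAMPLE_LOG = (
    'I/auditd ( 5087): type=1400 audit(0.0:76): avc: denied { execute } for '
    'comm="CrRendererMain" '
    'path="/data/data/com.google.android.gms/files/libAppDataSearchExt_armeabi_v7a.so" '
    'dev="mmcblk0p28" ino=83196 scontext=u:r:isolated_app:s0 '
    'tcontext=u:object_r:app_data_file:s0 tclass=file\n'
)

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value or key="quoted value"

def parse_denial(line):
    """Return the fields of one AVC denial as a dict, or None for other lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
    if not {'scontext', 'tcontext', 'tclass'} <= fields.keys():
        return None  # truncated record: do not guess the missing parts
    fields['perms'] = m.group('perms').split()
    return fields

def context_type(context):
    """Extract the type from a context of the form user:role:type:level."""
    parts = context.split(':')
    if len(parts) < 3:
        raise ValueError('malformed security context: %r' % context)
    return parts[2]

def rules_for(log_text):
    """Merge denials by (source type, target type, class) into allow rules."""
    merged = defaultdict(set)
    for line in log_text.splitlines():
        d = parse_denial(line)
        if d is None:
            continue
        key = (context_type(d['scontext']), context_type(d['tcontext']), d['tclass'])
        merged[key].update(d['perms'])
    rules = []
    for (src, tgt, cls), perms in sorted(merged.items()):
        perms = sorted(perms)
        body = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
        rules.append('allow %s %s:%s %s;' % (src, tgt, cls, body))
    return rules

if __name__ == '__main__':
    print('\n'.join(rules_for(SAMPLE_LOG)))
```

A generated rule only restates what was blocked; whether the domain should hold the permission is the review question the commit message itself raises.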