Revert "Revert "Enforce execve() restrictions for API > 28"" This reverts commit 15d1a12f7f57f589c2f1401f8e72813546fd8dda. Bug: 118737210 Bug: 112357170 Test: boot marlin Change-Id: Idcfab04b48f843eead4efa9f58a1337c6685c6ca

commit: 5dc2c8c7402e75749025b72d150a6e3c34041de5 [log] [tgz]
author: Yabin Cui <yabinc@google.com> Fri Nov 02 11:12:43 2018 -0700
committer: Yabin Cui <yabinc@google.com> Wed Nov 07 18:07:18 2018 +0000
tree: 86ef65ebb64e14d0c4f5adc02e80a61888263347
parent: 2bb0085dbd1de6ca1fea802d0ea68f6075563aba [diff] [blame]
diff --git a/private/untrusted_app_27.te b/private/untrusted_app_27.te
index 79c7762..7b9060d 100644
--- a/private/untrusted_app_27.te
+++ b/private/untrusted_app_27.te

@@ -2,7 +2,7 @@
 ### Untrusted_27.
 ###
 ### This file defines the rules for untrusted apps running with
-### 25 < targetSdkVersion <= 27.
+### 25 < targetSdkVersion <= 28.
 ###
 ### This file defines the rules for untrusted apps.
 ### Apps are labeled based on mac_permissions.xml (maps signer and
@@ -26,3 +26,7 @@
 untrusted_app_domain(untrusted_app_27)
 net_domain(untrusted_app_27)
 bluetooth_domain(untrusted_app_27)
+
+# The ability to call exec() on files in the apps home directories
+# for targetApi 26, 27, and 28.
+allow untrusted_app_27 app_data_file:file execute_no_trans;
commit	5dc2c8c7402e75749025b72d150a6e3c34041de5	[log] [tgz]
author	Yabin Cui <yabinc@google.com>	Fri Nov 02 11:12:43 2018 -0700
committer	Yabin Cui <yabinc@google.com>	Wed Nov 07 18:07:18 2018 +0000
tree	86ef65ebb64e14d0c4f5adc02e80a61888263347
parent	2bb0085dbd1de6ca1fea802d0ea68f6075563aba [diff] [blame]