Revert "Revert "Enforce execve() restrictions for API > 28"" This reverts commit 15d1a12f7f57f589c2f1401f8e72813546fd8dda. Bug: 118737210 Bug: 112357170 Test: boot marlin Change-Id: Idcfab04b48f843eead4efa9f58a1337c6685c6ca

commit: 5dc2c8c7402e75749025b72d150a6e3c34041de5 [log] [tgz]
author: Yabin Cui <yabinc@google.com> Fri Nov 02 11:12:43 2018 -0700
committer: Yabin Cui <yabinc@google.com> Wed Nov 07 18:07:18 2018 +0000
tree: 86ef65ebb64e14d0c4f5adc02e80a61888263347
parent: 2bb0085dbd1de6ca1fea802d0ea68f6075563aba [diff] [blame]
diff --git a/private/untrusted_app_all.te b/private/untrusted_app_all.te
index 54d278e..527216d 100644
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te

@@ -22,7 +22,7 @@
 
 # Some apps ship with shared libraries and binaries that they write out
 # to their sandbox directory and then execute.
-allow untrusted_app_all { app_data_file privapp_data_file }:file { rx_file_perms };
+allow untrusted_app_all { app_data_file privapp_data_file }:file { r_file_perms execute };
 
 # ASEC
 allow untrusted_app_all asec_apk_file:file r_file_perms;
commit	5dc2c8c7402e75749025b72d150a6e3c34041de5	[log] [tgz]
author	Yabin Cui <yabinc@google.com>	Fri Nov 02 11:12:43 2018 -0700
committer	Yabin Cui <yabinc@google.com>	Wed Nov 07 18:07:18 2018 +0000
tree	86ef65ebb64e14d0c4f5adc02e80a61888263347
parent	2bb0085dbd1de6ca1fea802d0ea68f6075563aba [diff] [blame]