Merge "add execmod to various app domains"
diff --git a/app.te b/app.te
index 0049fe4..eadf539 100644
--- a/app.te
+++ b/app.te
@@ -51,7 +51,7 @@
# lib subdirectory of /data/data dir is system-owned.
allow appdomain system_data_file:dir r_dir_perms;
-allow appdomain system_data_file:file { execute execute_no_trans open };
+allow appdomain system_data_file:file { execute execute_no_trans open execmod };
# Access to OEM provided data and apps
allow appdomain oemfs:dir r_dir_perms;
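Review bot: The added `execmod` on `system_data_file:file` for every `appdomain` has no comment saying why it is needed, and the same applies to the `app_data_file` and `asec_public_file` rules in untrusted_app.te. `execmod` lets a domain make executable a file mapping that has been modified in memory, which is normally needed only for libraries with text relocations, so it weakens the guarantee that executed code matches the file on disk. If that is the reason here (the commit does not say), record it next to each rule, e.g. `# execmod: required for app libraries with text relocations; remove when no longer needed`. Because the first rule covers all app domains, consider pairing it with `auditallow appdomain system_data_file:file execmod;` so actual use appears in the audit log and the grant can later be narrowed to the domains that need it.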
diff --git a/untrusted_app.te b/untrusted_app.te
index b7a2cef..50a02da 100644
--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -27,7 +27,7 @@
# Some apps ship with shared libraries and binaries that they write out
# to their sandbox directory and then execute.
-allow untrusted_app app_data_file:file rx_file_perms;
+allow untrusted_app app_data_file:file { rx_file_perms execmod };
allow untrusted_app tun_device:chr_file rw_file_perms;
@@ -35,7 +35,7 @@
allow untrusted_app asec_apk_file:dir { getattr };
allow untrusted_app asec_apk_file:file r_file_perms;
# Execute libs in asec containers.
-allow untrusted_app asec_public_file:file execute;
+allow untrusted_app asec_public_file:file { execute execmod };
# Allow the allocation and use of ptys
# Used by: https://play.google.com/store/apps/details?id=jackpal.androidterm