Revert "remove app_data_file execute"
This reverts commit b362474374afc402f65695252d30a008326c0eba.
Reason for revert:
android.jvmti.cts.JvmtiHostTest1906#testJvmti unittest failures.
Bug: 121333210
Bug: 112357170
Change-Id: I6e68855abaaaa1e9248265a468712fa8d70ffa74
Test: compiles and boots
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 10b0b3b..6ebbd43 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -47,7 +47,7 @@
neverallow all_untrusted_apps rs_data_file:file
{ append create link relabelfrom relabelto rename setattr write };
-# Block calling execve() in app /data/data files.
+# Block calling execve() on files in an apps home directory.
# This is a W^X violation (loading executable code from a writable
# home directory). For compatibility, allow for targetApi <= 28.
# b/112357170
@@ -58,17 +58,6 @@
-runas_app
} { app_data_file privapp_data_file }:file execute_no_trans;
-# Block calling dlopen() in app /data/data files.
-# This is a W^X violation (loading executable code from a writable
-# home directory). For compatibility, allow for targetApi <= 28.
-# b/112357170
-neverallow {
- all_untrusted_apps
- -untrusted_app_25
- -untrusted_app_27
- -runas_app
-} app_data_file:file execute;
-
# Do not allow untrusted apps to invoke dex2oat. This was historically required
# by ART for compiling secondary dex files but has been removed in Q.
# Exempt legacy apps (targetApi<=28) for compatibility.