Temporarily add auditing of execmod by apps. This is so we can get data on which apps are actually doing this. Bug: 111544476 Test: Device boots. No audits seen on test device. Change-Id: I5f72200ed8606775904d353c4d3d790373fe7dea

commit: 708aa90dd210acd9ad75a5b8ca65fcba6fb48c5c [log] [tgz]
author: Alan Stokes <alanstokes@google.com> Thu Jul 19 17:42:21 2018 +0100
committer: Alan Stokes <alanstokes@google.com> Fri Jul 20 12:40:29 2018 +0100
tree: 97d9d5ff1696e401521ec7085005f16074d072ed
parent: 13e60ed1fac12b561229ffc8aa9786b4949aa700 [diff] [blame]
diff --git a/private/untrusted_app_all.te b/private/untrusted_app_all.te
index c9bf65f..6e09c8c 100644
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te

@@ -151,6 +151,10 @@
   }:{ dir file lnk_file } { getattr open read };
 ')
 
+# Temporary auditing to get data on what apps use execmod.
+# TODO(b/111544476) Remove this and deny the permission if feasible.
+auditallow untrusted_app_all { apk_data_file app_data_file asec_public_file }:file execmod;
+
 # Attempts to write to system_data_file is generally a sign
 # that apps are attempting to access encrypted storage before
 # the ACTION_USER_UNLOCKED intent is delivered. Suppress this
commit	708aa90dd210acd9ad75a5b8ca65fcba6fb48c5c	[log] [tgz]
author	Alan Stokes <alanstokes@google.com>	Thu Jul 19 17:42:21 2018 +0100
committer	Alan Stokes <alanstokes@google.com>	Fri Jul 20 12:40:29 2018 +0100
tree	97d9d5ff1696e401521ec7085005f16074d072ed
parent	13e60ed1fac12b561229ffc8aa9786b4949aa700 [diff] [blame]