app: allow PROT_EXEC on ashmem objects
This fixes a bug introduced in aosp/1143430 where the permission
should have been included for the newly introduced
ashmem_libcutils_device type.
Test: Build
Bug: 150193534
Change-Id: I5b1ed8d9548f9dab4ad9373f98e21614c07c3d38
diff --git a/private/system_server.te b/private/system_server.te
index 13baa74..67882ba 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -1058,7 +1058,7 @@
ifelse(target_requires_insecure_execmem_for_swiftshader, `true',
`allow system_server self:process execmem;',
`neverallow system_server self:process execmem;')
-neverallow system_server ashmem_device:chr_file execute;
+neverallow system_server { ashmem_device ashmem_libcutils_device }:chr_file execute;
# TODO: deal with tmpfs_domain pub/priv split properly
neverallow system_server system_server_tmpfs:file execute;
diff --git a/public/app.te b/public/app.te
index 4ceb4a6..235d3f8 100644
--- a/public/app.te
+++ b/public/app.te
@@ -11,7 +11,7 @@
# WebView and other application-specific JIT compilers
allow appdomain self:process execmem;
-allow appdomain ashmem_device:chr_file execute;
+allow appdomain { ashmem_device ashmem_libcutils_device }:chr_file execute;
# Receive and use open file descriptors inherited from zygote.
allow appdomain zygote:fd use;