Merge "Add rules to cover memfd's for testing."

commit: 8fcf4ca296fdc106d38a2c655cda24c3cfa8dc1a [log] [tgz]
author: Allen Webb <allenwebb@google.com> Tue Aug 03 13:12:07 2021 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Tue Aug 03 13:12:07 2021 +0000
tree: 4545d5f487db6a11fc1134026acb776fb065f102
parent: ebc11f6a990eb3e92b7b73373fc7cc435821aafe [diff]
parent: cda514a99b952012842ba55550b8934c8d92422a [diff]
diff --git a/private/shell.te b/private/shell.te
index dc820bd..bd4e5c0 100644
--- a/private/shell.te
+++ b/private/shell.te

@@ -187,6 +187,11 @@
 # Allow shell to access the keystore2_key namespace shell_key. Mainly used for native tests.
 allow shell shell_key:keystore2_key { delete rebind use get_info update };
 
+# Allow shell to open and execute memfd files for minijail unit tests.
+userdebug_or_eng(`
+  allow shell appdomain_tmpfs:file { open execute_no_trans };
+')
+
 # Allow shell to write db.log.detailed, db.log.slow_query_threshold*
 set_prop(shell, sqlite_log_prop)
commit	8fcf4ca296fdc106d38a2c655cda24c3cfa8dc1a	[log] [tgz]
author	Allen Webb <allenwebb@google.com>	Tue Aug 03 13:12:07 2021 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Tue Aug 03 13:12:07 2021 +0000
tree	4545d5f487db6a11fc1134026acb776fb065f102
parent	ebc11f6a990eb3e92b7b73373fc7cc435821aafe [diff]
parent	cda514a99b952012842ba55550b8934c8d92422a [diff]