Define SELinux policy for RELRO sharing support. Define a domain and appropriate access rules for shared RELRO files (used for loading the WebView native library). Any app is permitted to read the files as they are public data, but only the shared_relro process is permitted to create/update them. Bug: 13005501 Change-Id: I9d5ba9e9eedb9b8c80fe6f84a3fc85a68553d52e

commit: 9786af2bcaaf0ba25c0a50c81c748a05793ec847 [log] [tgz]
author: Torne (Richard Coles) <torne@google.com> Fri May 23 11:01:58 2014 +0100
committer: Torne (Richard Coles) <torne@google.com> Tue May 27 14:17:50 2014 +0100
tree: 6c7b0cd5f3f77479a14612a07d6ffc3ac01574f7
parent: ccb9f7a1000c35721a28c501c52b0ae87dfcb775 [diff] [blame]
diff --git a/seapp_contexts b/seapp_contexts
index 91cfe72..57b443f 100644
--- a/seapp_contexts
+++ b/seapp_contexts

@@ -39,6 +39,7 @@
 user=bluetooth domain=bluetooth type=bluetooth_data_file
 user=nfc domain=nfc type=nfc_data_file
 user=radio domain=radio type=radio_data_file
+user=shared_relro domain=shared_relro
 user=shell domain=shell type=shell_data_file
 user=_isolated domain=isolated_app
 user=_app seinfo=platform domain=platform_app type=app_data_file
commit	9786af2bcaaf0ba25c0a50c81c748a05793ec847	[log] [tgz]
author	Torne (Richard Coles) <torne@google.com>	Fri May 23 11:01:58 2014 +0100
committer	Torne (Richard Coles) <torne@google.com>	Tue May 27 14:17:50 2014 +0100
tree	6c7b0cd5f3f77479a14612a07d6ffc3ac01574f7
parent	ccb9f7a1000c35721a28c501c52b0ae87dfcb775 [diff] [blame]