Allow app_zygote to map memfd backed memory as PROT_EXEC
Binary translation maps these regions to install translated code,
see linked bug for more context.
Bug: http://b/189502716
Test: run cts -m CtsExternalServiceTestCases -t android.externalservice.cts.ExternalServiceTest#testBindExternalServiceWithZygote
in binary translated environment.
Change-Id: I3bc978b9013e9fc5cf700d1efca769331ec395b0
diff --git a/private/app_zygote.te b/private/app_zygote.te
index 6552d63..841c0a1 100644
--- a/private/app_zygote.te
+++ b/private/app_zygote.te
@@ -20,6 +20,9 @@
# For JIT
allow app_zygote self:process execmem;
+# Allow exec mapping from tmpfs (memfds) for binary translation
+allow app_zygote app_zygote_tmpfs:file execute;
+
# Allow app_zygote to stat the files that it opens. It must
# be able to inspect them so that it can reopen them on fork
# if necessary: b/30963384.
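Review bot: The added rule `allow app_zygote app_zygote_tmpfs:file execute;` is unconditional, so every app_zygote gets it on every build, while its comment and the commit message justify it only for binary translation. Please say in the comment why it cannot be scoped to binary-translated targets, and cite the bug (b/189502716) there, the way the comment just below cites b/30963384. This hunk does not show whether app_zygote can also write to `app_zygote_tmpfs` files. If it can, this rule permits write-then-execute on memfd-backed memory in addition to the existing `execmem` grant for JIT, and the comment should state that this is intended.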