ashmem: expand app access We are only interested in removing "open" access from apps, so leave apps with (rw_file_perms - open) permissions to /dev/ashmem Bug: 126627315 Test: emulator boots without denials to /dev/ashmem Change-Id: I7f03fad5e4e82aebd1b6272e4956b16f86043637

commit: 9fbc87c89f991a347cefe166c38fbbdd3355e0b7 [log] [tgz]
author: Tri Vo <trong@google.com> Thu Feb 28 10:46:57 2019 -0800
committer: Tri Vo <trong@google.com> Thu Feb 28 10:47:35 2019 -0800
tree: cfb8fef11b9147ea552588a45a61f883f12234b1
parent: 83f65ebbb29f9ca85f6a22ed26b7364743d612cf [diff] [blame]
diff --git a/private/ephemeral_app.te b/private/ephemeral_app.te
index 0c89d09..a94c637 100644
--- a/private/ephemeral_app.te
+++ b/private/ephemeral_app.te

@@ -65,7 +65,7 @@
 allow ephemeral_app system_server:udp_socket {
         connect getattr read recvfrom sendto write getopt setopt };
 
-allow ephemeral_app ashmem_device:chr_file { getattr read write ioctl };
+allow ephemeral_app ashmem_device:chr_file { getattr read ioctl lock map append write };
 
 ###
 ### neverallow rules
commit	9fbc87c89f991a347cefe166c38fbbdd3355e0b7	[log] [tgz]
author	Tri Vo <trong@google.com>	Thu Feb 28 10:46:57 2019 -0800
committer	Tri Vo <trong@google.com>	Thu Feb 28 10:47:35 2019 -0800
tree	cfb8fef11b9147ea552588a45a61f883f12234b1
parent	83f65ebbb29f9ca85f6a22ed26b7364743d612cf [diff] [blame]