ashmem: expand app access
We are only interested in removing "open" access from apps, so leave
apps with (rw_file_perms - open) permissions to /dev/ashmem.
Bug: 126627315
Test: emulator boots without denials to /dev/ashmem
Change-Id: I7f03fad5e4e82aebd1b6272e4956b16f86043637
diff --git a/private/isolated_app.te b/private/isolated_app.te
index f51ccc9..b7c812b 100644
--- a/private/isolated_app.te
+++ b/private/isolated_app.te
@@ -64,7 +64,7 @@
# debuggable.
can_profile_heap(isolated_app)
-allow isolated_app ashmem_device:chr_file { getattr read write ioctl };
+allow isolated_app ashmem_device:chr_file { getattr read ioctl lock map append write };
#####
##### Neverallow
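Review bot: The new allow rule for isolated_app on ashmem_device:chr_file has no comment saying that "open" is left out on purpose. The list { getattr read ioctl lock map append write } is a hand-expanded copy of what the commit message calls (rw_file_perms - open), so a later reader could take it for an arbitrary set, and it will silently drift if rw_file_perms ever changes. Please add a one-line comment above the rule stating that it is rw_file_perms minus open and why, with a reference to the bug. Since the Neverallow section starts right below, also consider whether a neverallow on open for this domain belongs there once the removal is complete, so the omission is enforced rather than only implied.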