Un-revert "Audit execution of app_data_file native code."
This was originally implemented in commit
890414725f35fae61a3f16532724c8f6365599f9 and reverted in commit
fa3eb773ce45c9c1a38a579f31799ffc00b85952. This effectively reverts the
revert, with minimal changes to cope with the subsequent reversion of
commit b362474374afc402f65695252d30a008326c0eba.
Auditing is only enabled for apps targeting API <= 28.
Test: Compiles, audit messages are seen.
Bug: 121333210
Bug: 111338677
Change-Id: Ie38498a2b61f4b567902117f9ef293faa0e689dd
diff --git a/private/untrusted_app_25.te b/private/untrusted_app_25.te
index 7c266a5..6f92ef5 100644
--- a/private/untrusted_app_25.te
+++ b/private/untrusted_app_25.te
@@ -49,6 +49,7 @@
# for targetApi<=25. This is also allowed for targetAPIs 26, 27,
# and 28 in untrusted_app_27.te.
allow untrusted_app_25 app_data_file:file execute_no_trans;
+userdebug_or_eng(`auditallow untrusted_app_25 app_data_file:file { execute execute_no_trans };')
# The ability to invoke dex2oat. Historically required by ART, now only
# allowed for targetApi<=28 for compat reasons.
diff --git a/private/untrusted_app_27.te b/private/untrusted_app_27.te
index b8fd22e..be155c9 100644
--- a/private/untrusted_app_27.te
+++ b/private/untrusted_app_27.te
@@ -30,6 +30,7 @@
# The ability to call exec() on files in the apps home directories
# for targetApi 26, 27, and 28.
allow untrusted_app_27 app_data_file:file execute_no_trans;
+userdebug_or_eng(`auditallow untrusted_app_27 app_data_file:file { execute execute_no_trans };')
# The ability to invoke dex2oat. Historically required by ART, now only
# allowed for targetApi<=28 for compat reasons.