Allow execmod for apps with targetSdkVersion=26-28
Bug: 129760476
Test: build
Change-Id: I239c16e8269b81c22738e7813c1d4ae46068aa53
diff --git a/private/untrusted_app_25.te b/private/untrusted_app_25.te
index 96ae0e8..a35d81b 100644
--- a/private/untrusted_app_25.te
+++ b/private/untrusted_app_25.te
@@ -42,7 +42,7 @@
# This will go away in a future Android release
allow untrusted_app_25 proc_tty_drivers:file r_file_perms;
-# Text relocation support for API < 23
+# Text relocation support for API < 23. This is now disallowed for targetSdkVersion>=Q.
# https://android.googlesource.com/platform/bionic/+/master/android-changes-for-ndk-developers.md#text-relocations-enforced-for-api-level-23
allow untrusted_app_25 { apk_data_file app_data_file asec_public_file }:file execmod;
diff --git a/private/untrusted_app_27.te b/private/untrusted_app_27.te
index f9cd460..eaa1791 100644
--- a/private/untrusted_app_27.te
+++ b/private/untrusted_app_27.te
@@ -27,6 +27,10 @@
net_domain(untrusted_app_27)
bluetooth_domain(untrusted_app_27)
+# Text relocation support for API < 23. This is now disallowed for targetSdkVersion>=Q.
+# https://android.googlesource.com/platform/bionic/+/master/android-changes-for-ndk-developers.md#text-relocations-enforced-for-api-level-23
+allow untrusted_app_27 { apk_data_file app_data_file asec_public_file }:file execmod;
+
# The ability to call exec() on files in the apps home directories
# for targetApi 26, 27, and 28.
allow untrusted_app_27 app_data_file:file execute_no_trans;