Reland "sepolicy: fix zygote JIT permissions w.r.t. ashmem" zygote now allocates JIT memory using libcutils API (aosp/1135101) instead of going to /dev/ashmem directly, which requires execute permissions to ashmem_libcutils_device. Bug: 134434505 Change-Id: I3b5eeac1ec06d8d70da327743174ca83eec6b41c Test: boot crosshatch

commit: f25025f6ff1d0e0138b0c98015bc6cca1ebe25cb [log] [tgz]
author: Tri Vo <trong@google.com> Tue Oct 15 22:26:56 2019 +0000
committer: Tri Vo <trong@google.com> Tue Oct 15 22:26:56 2019 +0000
tree: 6e64baa7b150568228c6eb3d03f578063d87c853
parent: 09d90765136b708f4150c955484df9415c4263b5 [diff]
diff --git a/private/zygote.te b/private/zygote.te
index 66e14b3..d5e5420 100644
--- a/private/zygote.te
+++ b/private/zygote.te

@@ -53,7 +53,7 @@
 # Allow zygote to create JIT memory.
 allow zygote self:process execmem;
 allow zygote zygote_tmpfs:file execute;
-allow zygote ashmem_device:chr_file execute;
+allow zygote ashmem_libcutils_device:chr_file execute;
 
 # Execute idmap and dex2oat within zygote's own domain.
 # TODO:  Should either of these be transitioned to the same domain
commit	f25025f6ff1d0e0138b0c98015bc6cca1ebe25cb	[log] [tgz]
author	Tri Vo <trong@google.com>	Tue Oct 15 22:26:56 2019 +0000
committer	Tri Vo <trong@google.com>	Tue Oct 15 22:26:56 2019 +0000
tree	6e64baa7b150568228c6eb3d03f578063d87c853
parent	09d90765136b708f4150c955484df9415c4263b5 [diff]