dcashman | cc39f63 | 2016-07-22 13:13:11 -0700 | [diff] [blame] | 1 | # type_transition must be private policy the domain_trans rules could stay |
| 2 | # public, but conceptually should go with this |
| 3 | # Define and allow access to our own type for ashmem regions. |
| 4 | # Label ashmem objects with our own unique type. |
Chad Brubaker | 06cf31e | 2016-10-06 13:15:44 -0700 | [diff] [blame] | 5 | tmpfs_domain(ephemeral_app) |
dcashman | 2e00e63 | 2016-10-12 14:58:09 -0700 | [diff] [blame^] | 6 | # TODO: deal with tmpfs_domain pub/priv split properly |
| 7 | # Map with PROT_EXEC. |
| 8 | allow ephemeral_app ephemeral_app_tmpfs:file execute; |
| 9 | |
| 10 | # Read system properties managed by zygote. |
| 11 | allow ephemeral_app zygote_tmpfs:file read; |