-
- Downloads
DO NOT MERGE: domain.te: Drop appdomain transition neverallow assertion
Commit c5266df9 (Android 7.1) introduced a new neverallow rule which required that the only way you could become an appdomain was to have been spawned from zygote or run-as. # Only domains spawned from zygote and runas may have the appdomain attribute. neverallow { domain -runas -zygote } { appdomain -shell userdebug_or_eng(`-su') }:process { transition dyntransition }; This change was backported to Android 7.0 in commit eedacf83 as part of the relaxation of another neverallow rule. As a general rule, the introduction of new neverallow rules in older Android releases causes pain and unscheduled engineering work for our partners. As a result, we try to avoid making such changes. Partially revert eedacf83, specifically the part that introduced a new neverallow rule. This revert is intended for Android 7.0 ONLY, and should not be applied to newer Android releases. Bug: 37418998 Change-Id: I4c2eb30000b230d22d8dbc3b1309a5b63f9f95c9
Please register or sign in to comment