From 388e05d3abadddf4c28ff3c2ce8324d9da5c5ad7 Mon Sep 17 00:00:00 2001
From: "jungyee.yoo" <jungyee.yoo@lge.com>
Date: Thu, 27 Jul 2017 14:57:31 +0900
Subject: [PATCH] Remove platform_app from neverallow execute from /data

Apparently some manufacturers sign APKs with the platform key
which use renderscript. Renderscript works by compiling the
.so file, and placing it in the app's home directory, where the
app loads the content.

Drop platform_app from the neverallow restriction to allow partners
to add rules allowing /data execute for this class of apps.

We should revisit this in the future after we have a better
solution for apps which use renderscript.

(cherry picked from commit c55cf17a6b4a23f8ef66ff816f871d7d9e8de56a)

Bug: 29857189
Change-Id: I058a802ad5eb2a67e657b6d759a3ef4e21cbb8cc
---
 app.te | 1 -
 1 file changed, 1 deletion(-)

diff --git a/app.te b/app.te
index f96f3baa5..e9dd7b39a 100644
--- a/app.te
+++ b/app.te
@@ -443,7 +443,6 @@ neverallow {
   bluetooth
   isolated_app
   nfc
-  platform_app
   radio
   shared_relro
   system_app
-- 
GitLab