Skip to content
Snippets Groups Projects
Commit 7ef348b1 authored by Nick Kralevich's avatar Nick Kralevich
Browse files

Revert "isolated_app: Do not allow access to the gpu_device." 

Chrome team recommends reverting this patch and introducing
it into a future version of Android, to avoid potential
compatibility issues.

This reverts commit 9de62d6f.

Bug: 17471434
Bug: 18609318
Change-Id: I3086cb8a8d7142b1eadce622f7e87a4c3426b6bf
parent 350535e1
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
app.te
+ 1
1
View file @ 7ef348b1
...@@ -90,7 +90,7 @@ allow appdomain qtaguid_device:chr_file r_file_perms; ...@@ -90,7 +90,7 @@ allow appdomain qtaguid_device:chr_file r_file_perms;
# Grant GPU access to all processes started by Zygote. # Grant GPU access to all processes started by Zygote.
# They need that to render the standard UI. # They need that to render the standard UI.
allow { appdomain -isolated_app } gpu_device:chr_file { rw_file_perms execute }; allow appdomain gpu_device:chr_file { rw_file_perms execute };
# Use the Binder. # Use the Binder.
binder_use(appdomain) binder_use(appdomain)
......
isolated_app.te
+ 0
3
View file @ 7ef348b1
...@@ -13,9 +13,6 @@ type isolated_app, domain; ...@@ -13,9 +13,6 @@ type isolated_app, domain;
app_domain(isolated_app) app_domain(isolated_app)
net_domain(isolated_app) net_domain(isolated_app)
# Isolated apps shouldn't be able to access the driver directly.
neverallow isolated_app gpu_device:file { rw_file_perms execute };
# read and write access to app_data_file is already # read and write access to app_data_file is already
# granted via app.te. Allow execute. # granted via app.te. Allow execute.
# Needed to allow dlopen() from Chrome renderer processes. # Needed to allow dlopen() from Chrome renderer processes.
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment