Skip to content
Snippets Groups Projects
Commit ad891591 authored by Nick Kralevich's avatar Nick Kralevich
Browse files

isolated_app: allow app_data_file execute 

Chrome renderer processes dlopen() a shared library from
gmscore. Open and read on app data file is already allowed,
but execute isn't, so the dlopen() fails. This is a regression
from K, where the dlopen succeeded.

Longer term, there's questions about whether this is appropriate
behavior for an isolated app. For now, allow the behavior.
See the discussion in b/15902433 for details.

Addresses the following denial:

  I/auditd  ( 5087): type=1400 audit(0.0:76): avc:  denied  { execute } for  comm="CrRendererMain" path="/data/data/com.google.android.gms/files/libAppDataSearchExt_armeabi_v7a.so" dev="mmcblk0p28" ino=83196 scontext=u:r:isolated_app:s0 tcontext=u:object_r:app_data_file:s0 tclass=file

Bug: 15902433
Change-Id: Ie98605d43753be8c31a6fe510ef2dde0bdb52678
parent 1dcc1227
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 6 additions and 0 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment