From c255e377c5c0fbbced3b7a09f229903b6a24de93 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Mon, 22 Aug 2016 11:13:22 -0700
Subject: [PATCH] Remove platform_app from neverallow execute from /data

Apparently some manufacturers sign APKs with the platform key
which use renderscript. Renderscript works by compiling the
.so file, and placing it in the app's home directory, where the
app loads the content.

Drop platform_app from the neverallow restriction to allow partners
to add rules allowing /data execute for this class of apps.

We should revisit this in the future after we have a better
solution for apps which use renderscript.

(cherry picked from commit c55cf17a6b4a23f8ef66ff816f871d7d9e8de56a)

Bug: 29857189
Change-Id: I058a802ad5eb2a67e657b6d759a3ef4e21cbb8cc
---
 app.te | 1 -
 1 file changed, 1 deletion(-)

diff --git a/app.te b/app.te
index d3435fe32..1afa4b5c0 100644
--- a/app.te
+++ b/app.te
@@ -442,7 +442,6 @@ neverallow {
   bluetooth
   isolated_app
   nfc
-  platform_app
   radio
   shared_relro
   system_app
-- 
GitLab