Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 61c7107d authored by Stephen Smalley's avatar Stephen Smalley
Browse files

Allow execmem and ashmem_device execute as required. 



bootanim requires execmem.
bootanim and surfaceflinger requires execute to ashmem_device.

Change-Id: I3b4964c5acd31a44ce81672077c70353a375c072
Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
parent b8559790

target/board/generic/BoardConfig.mk

+4 −1
Original line number Diff line number Diff line
@@ -76,4 +76,7 @@ BOARD_FLASH_BLOCK_SIZE := 512 
TARGET_USERIMAGES_SPARSE_EXT_DISABLED := true



BOARD_SEPOLICY_DIRS += build/target/board/generic/sepolicy

BOARD_SEPOLICY_UNION += domain.te surfaceflinger.te
 
BOARD_SEPOLICY_UNION += \

        bootanim.te \

        domain.te \

        surfaceflinger.te

target/board/generic/sepolicy/bootanim.te

0 → 100644
+2 −0
Original line number Diff line number Diff line 
allow bootanim self:process execmem;

allow bootanim ashmem_device:chr_file execute;

target/board/generic/sepolicy/surfaceflinger.te

+1 −0
Original line number Diff line number Diff line 
allow surfaceflinger self:process execmem;

allow surfaceflinger ashmem_device:chr_file execute;