auditallow apk_data_file execute

thestinger · randomhydrosol · commit eab1c9a22871 · 2021-04-10T03:38:21.000+05:30
For libraries, apps should be migrating to the more modern approach of storing them in the apk uncompressed and mapping them directly from it. This is the most modern approach available for executables and is better than using app data, but ideally it wouldn't be done. For now, audit use of `execute_no_trans` anyway while this is given more thought. Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
diff --git a/prebuilts/api/30.0/public/app.te b/prebuilts/api/30.0/public/app.te
@@ -275,6 +275,7 @@ allow appdomain shared_relro_file:file r_file_perms;
 # Allow apps to read/execute installed binaries
 allow appdomain apk_data_file:dir r_dir_perms;
 allow appdomain apk_data_file:file rx_file_perms;
+auditallow appdomain apk_data_file:file { execute execute_no_trans };
 
 # /data/resource-cache
 allow appdomain resourcecache_data_file:file r_file_perms;
diff --git a/public/app.te b/public/app.te
@@ -275,6 +275,7 @@ allow appdomain shared_relro_file:file r_file_perms;
 # Allow apps to read/execute installed binaries
 allow appdomain apk_data_file:dir r_dir_perms;
 allow appdomain apk_data_file:file rx_file_perms;
+auditallow appdomain apk_data_file:file { execute execute_no_trans };
 
 # /data/resource-cache
 allow appdomain resourcecache_data_file:file r_file_perms;
