From 6949a392b35aa33b10c9eff52a3d9a91d07fa371 Mon Sep 17 00:00:00 2001
From: Nicolas Geoffray <ngeoffray@google.com>
Date: Sat, 17 Nov 2018 19:44:19 +0000
Subject: [PATCH] Allow zygote to JIT.

bug: 110870380
Test: device boots, artificially creating a rwx mapping in zygote works.

Change-Id: I81a32b616a68f186867af25528a0348d1ad73a50
---
 private/zygote.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/private/zygote.te b/private/zygote.te
index 491f079ec..d1e0f5500 100644
--- a/private/zygote.te
+++ b/private/zygote.te
@@ -48,6 +48,9 @@ allow zygote resourcecache_data_file:file create_file_perms;
 # https://bugs.chromium.org/p/project-zero/issues/detail?id=955 for example.
 allow { zygote with_dexpreopt(`-zygote') } dalvikcache_data_file:file execute;
 
+# Allow zygote to create JIT memory.
+allow zygote self:process execmem;
+
 # Execute idmap and dex2oat within zygote's own domain.
 # TODO:  Should either of these be transitioned to the same domain
 # used by installd or stay in-domain for zygote?
-- 
GitLab