Sepolicy: Allow system server to exec zygote_exec

Under ASAN, allow system-server to execute app_process. This is required for wrap-property execution. Bug: 36138508 Test: m && SANITIZE_TARGET m Change-Id: Ic637e5205ea86e0edcd66ab387e89b27afef6b99

Sepolicy: Allow system server to exec zygote_exec
Under ASAN, allow system-server to execute app_process. This is required for wrap-property execution. Bug: 36138508 Test: m && SANITIZE_TARGET m Change-Id: Ic637e5205ea86e0edcd66ab387e89b27afef6b99
7db95725 · Andreas Gampe · 6ea8423a · 7db95725
Commit 7db95725 authored 7 years ago by Andreas Gampe
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -661,11 +661,12 @@ allow system_server sysfs_leds:dir r_dir_perms;
 allow system_server debugfs_tracing_instances:dir search;
 allow system_server debugfs_wifi_tracing:file rw_file_perms;
-# allow system_server to exec shell on ASAN builds. Needed to run
+# allow system_server to exec shell, asanwrapper & zygote(app_process) on ASAN builds. Needed to run
 # asanwrapper.
 with_asan(`
  allow system_server shell_exec:file rx_file_perms;
  allow system_server asanwrapper_exec:file rx_file_perms;
+  allow system_server zygote_exec:file rx_file_perms;
 ')
 ###