From c55cf17a6b4a23f8ef66ff816f871d7d9e8de56a Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Mon, 22 Aug 2016 11:13:22 -0700
Subject: [PATCH] Remove platform_app from neverallow execute from /data

Apparently some manufacturers sign APKs with the platform key
which use renderscript. Renderscript works by compiling the
.so file, and placing it in the app's home directory, where the
app loads the content.

Drop platform_app from the neverallow restriction to allow partners
to add rules allowing /data execute for this class of apps.

We should revisit this in the future after we have a better
solution for apps which use renderscript.

Bug: 29857189
Change-Id: I058a802ad5eb2a67e657b6d759a3ef4e21cbb8cc
---
 app.te | 1 -
 1 file changed, 1 deletion(-)

diff --git a/app.te b/app.te
index f96f3baa5..e9dd7b39a 100644
--- a/app.te
+++ b/app.te
@@ -443,7 +443,6 @@ neverallow {
   bluetooth
   isolated_app
   nfc
-  platform_app
   radio
   shared_relro
   system_app
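Review bot: dropping `platform_app` from this neverallow domain list leaves nothing in app.te explaining why it is absent while `system_app` and `radio` remain, so the "revisit this in the future" intent exists only in the commit message. Please add a comment above the list stating that platform_app is omitted on purpose for renderscript and citing bug 29857189, so the exemption can be found and reverted later. The exemption is also domain-wide: once the entry is gone, the neverallow no longer fails the policy build for any partner rule that grants platform_app execute on /data, not only rules scoped to the renderscript output in the app's home directory. If a narrower restriction can be expressed for platform_app, that would be preferable to removing it from the list outright.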
-- 
GitLab