Un-revert "Audit execution of app_data_file native code."

This was originally implemented in commit 89041472 and reverted in commit fa3eb773. This effectively reverts the revert, with minimal changes to cope with the subsequent reversion of commit b3624743. Auditing is only enabled for apps targeting API <= 28. Test: Compiles, audit messages are seen. Bug: 121333210 Bug: 111338677 Change-Id: Ie38498a2b61f4b567902117f9ef293faa0e689dd

Un-revert "Audit execution of app_data_file native code."
This was originally implemented in commit 89041472 and reverted in commit fa3eb773. This effectively reverts the revert, with minimal changes to cope with the subsequent reversion of commit b3624743. Auditing is only enabled for apps targeting API <= 28. Test: Compiles, audit messages are seen. Bug: 121333210 Bug: 111338677 Change-Id: Ie38498a2b61f4b567902117f9ef293faa0e689dd
c6cbeadb · Alan Stokes · f0264fe2 · c6cbeadb · c6cbeadb
Commit c6cbeadb authored 6 years ago by Alan Stokes
--- a/private/untrusted_app_25.te
+++ b/private/untrusted_app_25.te
@@ -49,6 +49,7 @@ allow untrusted_app_25 { apk_data_file app_data_file asec_public_file }:file exe
 # for targetApi<=25. This is also allowed for targetAPIs 26, 27,
 # and 28 in untrusted_app_27.te.
 allow untrusted_app_25 app_data_file:file execute_no_trans;
+userdebug_or_eng(`auditallow untrusted_app_25 app_data_file:file { execute execute_no_trans };')

 # The ability to invoke dex2oat. Historically required by ART, now only
 # allowed for targetApi<=28 for compat reasons.

--- a/private/untrusted_app_27.te
+++ b/private/untrusted_app_27.te
@@ -30,6 +30,7 @@ bluetooth_domain(untrusted_app_27)
 # The ability to call exec() on files in the apps home directories
 # for targetApi 26, 27, and 28.
 allow untrusted_app_27 app_data_file:file execute_no_trans;
+userdebug_or_eng(`auditallow untrusted_app_27 app_data_file:file { execute execute_no_trans };')

 # The ability to invoke dex2oat. Historically required by ART, now only
 # allowed for targetApi<=28 for compat reasons.