On Wed, 2012-07-11 at 16:32 +0200, Michal Mašek wrote:
> Thank you. The app_ndk boolean is exactly what I was looking for.
> However, to resolve all denials, I also had to allow the application to
> "open" the system_data_file, not just to "execute" it:
>
> diff --git a/app.te b/app.te
> index ed76ccf..137aad7 100644
> --- a/app.te
> +++ b/app.te
> @@ -70,7 +70,7 @@ allow untrusted_app sdcard:file create_file_perms;
> # Native app support.
> bool app_ndk false;
> if (app_ndk) {
> -allow untrusted_app app_data_file:file execute;
> +allow untrusted_app system_data_file:file { execute open };
> }
Thanks. Patch was corrupted (maybe whitespace-damaged by your mail
client?) so I had to apply it by hand, but you are still listed as the
author.
--
Stephen Smalley
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
