I have a native service which internally needs to contact with Java layer. So I am using *android_runtime.so* library to create a JavaVm and call *startVm*.
In permissive mode, what I am intended to is working fine. But in enforced mode, I need to add following rule to make it work and that rule is a neverallow (line *445* <AOSP_9.0>/system/sepolicy/public/*domain.te*). *allow mynativeservice mynativeservice_tmpfs:file execute* The description of this neverallow in domain.te (*Android 9.0*) is, “*Assert that, to the extent possible, we’re not loading executable content fromoutside the rootfs or /system partition except for a few whitelisted domains.*” Following are whitelisted, -appdomain -dumpstate -shell -webview_zygote -zygote *My questions* are, 1. Are we allowed to use android_runtime ? 2. If yes, how to start javaVm without giving above never allow ? -- -- You received this message because you are subscribed to the "Android Building" mailing list. To post to this group, send email to android-building@googlegroups.com To unsubscribe from this group, send email to android-building+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-building?hl=en --- You received this message because you are subscribed to the Google Groups "Android Building" group. To unsubscribe from this group and stop receiving emails from it, send an email to android-building+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/android-building/4108995d-966b-47f2-a190-28f3acd61c2e%40googlegroups.com.