I have a native service which internally needs to contact with Java layer.
So I am using *android_runtime.so* library to create a JavaVm and call
*startVm*.
In permissive mode, what I am intended to is working fine. But in enforced
mode, I need to add following rule to make it work and that rule is a
neverallow (line *445* <AOSP_9.0>/system/sepolicy/public/*domain.te*).
*allow mynativeservice mynativeservice_tmpfs:file execute*
The description of this neverallow in domain.te (*Android 9.0*) is,
“*Assert that, to the extent possible, we’re not loading executable content
fromoutside the rootfs or /system partition except for a few whitelisted
domains.*”
Following are whitelisted,
-appdomain
-dumpstate
-shell
-webview_zygote
-zygote
*My questions* are,
1. Are we allowed to use android_runtime ?
2. If yes, how to start javaVm without giving above never allow ?
--
--
You received this message because you are subscribed to the "Android Building"
mailing list.
To post to this group, send email to android-building@googlegroups.com
To unsubscribe from this group, send email to
android-building+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-building?hl=en
---
You received this message because you are subscribed to the Google Groups
"Android Building" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to android-building+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/android-building/4108995d-966b-47f2-a190-28f3acd61c2e%40googlegroups.com.
