I've seen this done with other apps when they download executable content
from either their servers or enterprise servers. The bad thing is that it
is an arbitrary code execution issue so it probably shouldn't be generally
allowed. Files in the lib directory are not writable by the app so only
code that was originally packaged with it is executable.

My bet is that it breaks enough apps that any COTS device will allow
execute for app_data_file, though.


On Wed, Mar 6, 2013 at 5:03 PM, Persaud, Ryan K. <[email protected]> wrote:

>  While testing the Netflix application com.netflix.mediaclient, I got the
> following denial:
>
> type=1400 audit(1362425946.431:10): avc:  denied  { execute } for  pid=890
> comm="Thread-100"
> path="/data/data/com.netflix.mediaclient/files/libcrittercism-ndk.so"
> dev=mtdblock1 ino=855 scontext=u:r:untrusted_app:s0:c48,c256
> tcontext=u:object_r:app_data_file:s0:c48,c256 tclass=file
>
> Netflix put the libcrittercism-ndk.so library in the assets directory
> instead of lib when the apk was generated.  Consequently when the app is
> installed, libcrittercism-ndk.so gets placed into the files directory.
> I’ve noted two other applications, com.imangi.templerun2 and
> com.kiloo.subwaysurf, that also have libraries in the assets directory.
> Should the default SEAndroid policy reflect this practice?
>
>
> Thanks,
>
> -Ryan
>
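
For triaging denials like the one quoted above, here is an added example (not written by either poster and not part of SEAndroid). It parses an AVC record, reports whether it is an execute denial on app_data_file, and prints the audit2allow-style rule the thread is debating. The function names and result keys are assumptions made for this sketch; the sample record is the one quoted in the thread, joined onto one line.

```python
import re

# Sample input: the denial quoted in this thread, joined onto one line.
SAMPLE = (
    'type=1400 audit(1362425946.431:10): avc:  denied  { execute } for  pid=890 '
    'comm="Thread-100" '
    'path="/data/data/com.netflix.mediaclient/files/libcrittercism-ndk.so" '
    'dev=mtdblock1 ino=855 scontext=u:r:untrusted_app:s0:c48,c256 '
    'tcontext=u:object_r:app_data_file:s0:c48,c256 tclass=file'
)

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC denial line, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    rec['perms'] = m.group('perms').split()
    for side in ('scontext', 'tcontext'):
        # Context layout: user:role:type:sensitivity[:categories]
        parts = rec.get(side, '').split(':', 4)
        if len(parts) < 4:
            return None
        rec[side[0] + 'type'] = parts[2]
        rec[side[0] + 'cats'] = parts[4] if len(parts) > 4 else ''
    return rec

def classify(rec):
    """Summarise an execute denial on app data; None for any other denial."""
    if 'execute' not in rec['perms'] or rec['ttype'] != 'app_data_file':
        return None
    m = re.match(r'/data/data/([^/]+)/(.+)', rec.get('path', ''))
    return {
        'package': m.group(1) if m else None,
        'file': m.group(2) if m else rec.get('path'),
        # Equal MLS categories: the file belongs to the same app that ran it.
        'own_data': rec['scats'] == rec['tcats'],
        # The rule that would permit this access (the change under discussion).
        'rule': 'allow %s %s:%s { %s };' % (
            rec['stype'], rec['ttype'], rec.get('tclass', '?'), ' '.join(rec['perms'])),
    }

if __name__ == '__main__':
    print(classify(parse_avc(SAMPLE)))
```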
