I've just uploaded this patch to Gerrit, however it only applies to the vanilla Android policy:
When SELinux is in enforcement mode it is not possible to launch apps. This rule will also allow the system to initialise even if enforcement mode is enabled during the boot process. Change-Id: I922b98267964e888faa36762c49c02661824d38c Signed-off-by: Richard Haines <[email protected]> --- system.te | 2 ++ 1 file changed, 2 insertions(+) diff --git a/system.te b/system.te index fc76cd4..8734485 100644 --- a/system.te +++ b/system.te @@ -9,3 +9,5 @@ unconfined_domain(system); # Create a socket for receiving info from wpa. type_transition system wifi_data_file:sock_file system_wpa_socket; +# Allow zygote to launch apps +allow system self:zygote { specifyseinfo specifyids }; -- 1.8.3.1
