I have a native service which internally needs to communicate with the Java layer.
So I am using the *android_runtime.so* library to create a JavaVm and call
*startVm*.
In permissive mode, what I intend to do is working fine. But in enforced
mode, I need to add the following rule to make it work, and that rule is a
neverallow (line *445* <AOSP_9.0>/system/sepolicy/public/*domain.te*).
*allow mynativeservice mynativeservice_tmpfs:file execute*
The description of this neverallow in domain.te (*Android 9.0*) is,
“*Assert that, to the extent possible, we’re not loading executable content
from outside the rootfs or /system partition except for a few whitelisted
domains.*”
The following are whitelisted:
-appdomain
-dumpstate
-shell
-webview_zygote
-zygote
*My questions* are,
1. Are we allowed to use android_runtime?
2. If yes, how to start javaVm without giving the above neverallow?