Hi Han,

Privileged system components such as system_app are disallowed from executing content off the read-write /data partition because it is less trusted than dm-verity protected read-only partitions such as /system. I recommend you put your python binary on the system partition.

On Mon, Apr 2, 2018 at 6:10 AM HAN <[email protected]> wrote:

> Hi everyone,
>
> My system_app needs to execute python binary to run python script.
> So I copied the binary into a path "/data/misc/user/0/python"
> but execution is blocked by below neverallow.
>
> Where should I put my python binary into?
> Are there any areas that are most commonly used in this case?
>
> http://androidxref.com/8.0.0_r4/xref/system/sepolicy/private/app.te#497
>
> ------------------------------------------------------------------------------
> # Blacklist app domains not allowed to execute from /data
> neverallow {
>   bluetooth
>   isolated_app
>   nfc
>   radio
>   shared_relro
>   system_app
> } {
>   data_file_type
>   -dalvikcache_data_file
>   -system_data_file # shared libs in apks
>   -apk_data_file
> }:file no_x_file_perms;
> ------------------------------------------------------------------------------
>
> Thanks.
> HAN
