sepolicy: Allow system_app to run su_exec()

Change-Id: I56f83cc4896de75165e010d12ff38525015e8e54
author: Zipsnet <hcolmenares@gmail.com> 2015-12-21 21:52:07 -0500
committer: Zipsnet <hcolmenares@gmail.com> 2015-12-21 21:52:07 -0500
commit: efe43c5f8d2d3728e4101240657fc09591cc3f81 (patch)
tree: 84e71b95608ff809238cd3f737418d6fe859c07e
parent: e8a8b8289f678c4d65e2dc0a1c28af3c40fe7225 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/domain.te b/domain.te
index db19da3..8f600ae 100644
--- a/domain.te
+++ b/domain.te
@@ -401,7 +401,7 @@ neverallow domain { file_type fs_type dev_type }:{ lnk_file fifo_file sock_file
 # Nobody should be able to execute su on user builds.
 # On userdebug/eng builds, only dumpstate, shell, and
 # su itself execute su.
-neverallow { domain userdebug_or_eng(`-dumpstate -shell -su -init -untrusted_app -sudaemon') } su_exec:file no_x_file_perms;
+neverallow { domain userdebug_or_eng(`-dumpstate -shell -su -init -untrusted_app -system_app -sudaemon') } su_exec:file no_x_file_perms;
 
 # Do not allow the introduction of new execmod rules. Text relocations
 # and modification of executable pages are unsafe.
author	Zipsnet <hcolmenares@gmail.com>	2015-12-21 21:52:07 -0500
committer	Zipsnet <hcolmenares@gmail.com>	2015-12-21 21:52:07 -0500
commit	efe43c5f8d2d3728e4101240657fc09591cc3f81 (patch)
tree	84e71b95608ff809238cd3f737418d6fe859c07e
parent	e8a8b8289f678c4d65e2dc0a1c28af3c40fe7225 (diff)