neverallow PROT_EXEC stack or heap.
Despite removing these from AOSP policy they seem to still be
present in device policies. Prohibit them via neverallow.
We would also like to minimize execmem to only app domains
and others using ART, but that will first require eliminating it
from device-specific service domains (which may only have it
due to prior incorrect handling of text relocations).
Signed-off-by: Stephen Smalley <firstname.lastname@example.org>
1 file changed