Last year, I filed an issue for Termux bringing up that it's in violation of the Play Store policy on downloading executable code: github.com/termux/termux-. I proposed implementing packages via apks and mentioned that SELinux policy would likely break their approach down the road.
Conversation
Surprise: Android Q breaks their approach for apps targeting API 29 or above.
github.com/termux/termux-
If you look at the original issue I filed, you can see that what I was saying was totally dismissed and ridiculed. I got called a "concern troll" for trying to keep it working.
1
1
This Tweet was deleted by the Tweet author. Learn more
This Tweet was deleted by the Tweet author. Learn more
Replying to
It prevents whatever the policy is set up to prevent. It will fully prevent executing any new native code, whether it's regular anonymous memory, memfd, tmpfs or via the regular file system as long as the policy is set up to do that. That's what I did in my downstream changes.
It isn't what they're doing upstream. They still allow execmem (in-memory code generation) for the ART JIT and also for compatibility with third party JIT compilers like Firefox. It's also allowed in isolated_app, where the Chromium renderer does it.
1
I forbid all that for the base system, other than making as dedicated isolated_app domain for the Chromium renderer where execmem is allowed. For third party apps, I used a system where exceptions could be granted. Keep in mind it's not for defending the OS from apps.
1
Show replies
This Tweet was deleted by the Tweet author. Learn more
Replying to
No, I think it counts as tmpfs. SELinux doesn't allow anything that the policy isn't specifically written to allow though. Removing execution of app_data_file involved removing a rule, not adding anything. Similarly, disabling mapping it as exec means removing execute for it.
1
Show replies