Google Git
Sign in
android / platform / system / sepolicy / 899d8600058cdf9c9c3079abc3506e7a79180c2b^1..899d8600058cdf9c9c3079abc3506e7a79180c2b / .
commit899d8600058cdf9c9c3079abc3506e7a79180c2b[log] [tgz]
authorCalin Juravle <calin@google.com>Tue Sep 08 07:13:37 2020 +0000
committerAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>Tue Sep 08 07:13:37 2020 +0000
tree7bd667c3cf5eab7bc907bb76f821581f9baa436f
parentcb090f714e097ef206174dd8fb4365e37ae7ce6d [diff]
parent192cca8ee4365e409bb618db0550756132389470 [diff]
Fix sepolicy for secondary dex files am: 623f3f5cef am: 192cca8ee4

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/12521289

Change-Id: Ic30f27ba8844e37f3bf2d05670b545f4ba458dc4

diff --git a/prebuilts/api/30.0/private/coredomain.te b/prebuilts/api/30.0/private/coredomain.te
index ab731f1..86e8009 100644
--- a/prebuilts/api/30.0/private/coredomain.te
+++ b/prebuilts/api/30.0/private/coredomain.te

@@ -22,6 +22,7 @@
         coredomain
         -appdomain
         -dex2oat
+        -dexoptanalyzer
         -idmap
         -init
         -installd
@@ -38,6 +39,7 @@
         coredomain
         -appdomain
         -dex2oat
+        -dexoptanalyzer
         -idmap
         -init
         -installd

diff --git a/prebuilts/api/30.0/private/dexoptanalyzer.te b/prebuilts/api/30.0/private/dexoptanalyzer.te
index 1f92462..a2b2b01 100644
--- a/prebuilts/api/30.0/private/dexoptanalyzer.te
+++ b/prebuilts/api/30.0/private/dexoptanalyzer.te

@@ -3,6 +3,10 @@
 type dexoptanalyzer_exec, system_file_type, exec_type, file_type;
 type dexoptanalyzer_tmpfs, file_type;
 
+r_dir_file(dexoptanalyzer, apk_data_file)
+# Access to /vendor/app
+r_dir_file(dexoptanalyzer, vendor_app_file)
+
 # Reading an APK opens a ZipArchive, which unpack to tmpfs.
 # Use tmpfs_domain() which will give tmpfs files created by dexoptanalyzer their
 # own label, which differs from other labels created by other processes.

diff --git a/private/coredomain.te b/private/coredomain.te
index ab731f1..86e8009 100644
--- a/private/coredomain.te
+++ b/private/coredomain.te

@@ -22,6 +22,7 @@
         coredomain
         -appdomain
         -dex2oat
+        -dexoptanalyzer
         -idmap
         -init
         -installd
@@ -38,6 +39,7 @@
         coredomain
         -appdomain
         -dex2oat
+        -dexoptanalyzer
         -idmap
         -init
         -installd

diff --git a/private/dexoptanalyzer.te b/private/dexoptanalyzer.te
index 1f92462..a2b2b01 100644
--- a/private/dexoptanalyzer.te
+++ b/private/dexoptanalyzer.te

@@ -3,6 +3,10 @@
 type dexoptanalyzer_exec, system_file_type, exec_type, file_type;
 type dexoptanalyzer_tmpfs, file_type;
 
+r_dir_file(dexoptanalyzer, apk_data_file)
+# Access to /vendor/app
+r_dir_file(dexoptanalyzer, vendor_app_file)
+
 # Reading an APK opens a ZipArchive, which unpack to tmpfs.
 # Use tmpfs_domain() which will give tmpfs files created by dexoptanalyzer their
 # own label, which differs from other labels created by other processes.