Fix sepolicy for secondary dex files am: 623f3f5cef am: 192cca8ee4
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/12521289
Change-Id: Ic30f27ba8844e37f3bf2d05670b545f4ba458dc4
diff --git a/prebuilts/api/30.0/private/coredomain.te b/prebuilts/api/30.0/private/coredomain.te
index ab731f1..86e8009 100644
--- a/prebuilts/api/30.0/private/coredomain.te
+++ b/prebuilts/api/30.0/private/coredomain.te
@@ -22,6 +22,7 @@
coredomain
-appdomain
-dex2oat
+ -dexoptanalyzer
-idmap
-init
-installd
@@ -38,6 +39,7 @@
coredomain
-appdomain
-dex2oat
+ -dexoptanalyzer
-idmap
-init
-installd
diff --git a/prebuilts/api/30.0/private/dexoptanalyzer.te b/prebuilts/api/30.0/private/dexoptanalyzer.te
index 1f92462..a2b2b01 100644
--- a/prebuilts/api/30.0/private/dexoptanalyzer.te
+++ b/prebuilts/api/30.0/private/dexoptanalyzer.te
@@ -3,6 +3,10 @@
type dexoptanalyzer_exec, system_file_type, exec_type, file_type;
type dexoptanalyzer_tmpfs, file_type;
+r_dir_file(dexoptanalyzer, apk_data_file)
+# Access to /vendor/app
+r_dir_file(dexoptanalyzer, vendor_app_file)
+
# Reading an APK opens a ZipArchive, which unpack to tmpfs.
# Use tmpfs_domain() which will give tmpfs files created by dexoptanalyzer their
# own label, which differs from other labels created by other processes.
diff --git a/private/coredomain.te b/private/coredomain.te
index ab731f1..86e8009 100644
--- a/private/coredomain.te
+++ b/private/coredomain.te
@@ -22,6 +22,7 @@
coredomain
-appdomain
-dex2oat
+ -dexoptanalyzer
-idmap
-init
-installd
@@ -38,6 +39,7 @@
coredomain
-appdomain
-dex2oat
+ -dexoptanalyzer
-idmap
-init
-installd
diff --git a/private/dexoptanalyzer.te b/private/dexoptanalyzer.te
index 1f92462..a2b2b01 100644
--- a/private/dexoptanalyzer.te
+++ b/private/dexoptanalyzer.te
@@ -3,6 +3,10 @@
type dexoptanalyzer_exec, system_file_type, exec_type, file_type;
type dexoptanalyzer_tmpfs, file_type;
+r_dir_file(dexoptanalyzer, apk_data_file)
+# Access to /vendor/app
+r_dir_file(dexoptanalyzer, vendor_app_file)
+
# Reading an APK opens a ZipArchive, which unpack to tmpfs.
# Use tmpfs_domain() which will give tmpfs files created by dexoptanalyzer their
# own label, which differs from other labels created by other processes.