Allow dexoptanalyzer to use fd's from odsign.

odsign exec()'s odrefresh, which in turn exec()'s dexoptanalyzer. Bug: 165630556 Test: No denials on boot Change-Id: Ie97726cfbdbf09f75fa0b00d34ee10c9bdf5a5d7
2021-02-19 09:52:15 +01:00 · 2021-02-19 09:52:15 +01:00 · 6badc7f4c8
commit 6badc7f4c8
parent e9d2671e10
1 changed files with 4 additions and 0 deletions
--- a/private/dexoptanalyzer.te
+++ b/private/dexoptanalyzer.te
@ -29,6 +29,10 @@ allow dexoptanalyzer apex_art_data_file:file r_file_perms;
 # Allow dexoptanalyzer to use file descriptors from odrefresh.
 allow dexoptanalyzer odrefresh:fd use;

+# Use devpts and fd from odsign (which exec()'s odrefresh)
+allow dexoptanalyzer odsign:fd use;
+allow dexoptanalyzer odsign_devpts:chr_file { read write };
+
 allow dexoptanalyzer installd:fd use;
 allow dexoptanalyzer installd:fifo_file { getattr write };